formbook | 62e44671bc5246a9e8b973d24ae92e8df17c17bea451993f7baae05580e4d6bd | Triage

Sharing

General

Target

JaffaCakes118_62e44671bc5246a9e8b973d24ae92e8df17c17bea451993f7baae05580e4d6bd
Size

230KB
Sample

241229-ezqe1ssnbk
MD5

eeed34c2f4d72cbdce5e43bab22cc5ad
SHA1

943d8f6bd26d7bbd5dcf60970eb66a34f71793d5
SHA256

62e44671bc5246a9e8b973d24ae92e8df17c17bea451993f7baae05580e4d6bd
SHA512

1698ce86b8666ccdbf041bbe4ea4b5ae73650e0005e51b0086e74def69f74365f6b0e36d34b2179cf52170e0d4ab10b9d10590dcbe826008a31519d0d5a54a1c
SSDEEP

6144:CaUUHU4bEkKlwDo/5IikNKvQVf/CE70Njd9/ADTWcZllcyYYdTJWzwN1fEV:cCU4YlpVgVP0Nji1Zy4JGA1f8

Score

10^/10

formbook u2s7 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u2s7

Decoy

mixso.site

rlagnin.com

imini.top

grapejulius.com

pkcomputer.online

surepolka.com

petahansen.com

rodriguezlawncare.net

oscartheelearning.ninja

gcubaang.top

learnserver.site

weddinginthehamptons.com

doctorverma.online

epicsx.com

signmole.shop

storetrade.store

htlenderschampionship.com

tigerexch-official.net

momentum6labs.com

safetyconsultants.sydney

Targets

- Target
  
  PO__63537353636___IME JPEG.exe
- Size
  
  242KB
- MD5
  
  9e401b1980973e79bc19c1e3ffe174bc
- SHA1
  
  ee948ec25692949114b3cd2c10d48d17dd2c6ad9
- SHA256
  
  9d192f8239db65d0e6cbc8e080b2177e237f93cfd8b4a4065bf709ed3b69ac47
- SHA512
  
  843fb44ba636367a8f7fbf8ade609ac61103769c1850580ec6bea2f01862be54451d0cc3c6e3f4f6dabc6d02c334ae92c69f3d0c6dd0e43c051c3a418fa0f300
- SSDEEP
  
  6144:93vpQ10lPSHF3riXXNYgTdQDWThv2qwMHtkTXR2i+P9+ZA:FLEAvWutkTBvQ+ZA
Score

10^/10

formbook u2s7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooku2s7discoveryratspywarestealertrojan

behavioral2

formbooku2s7discoveryratspywarestealertrojan