formbook

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0be35975a9936bc239c69fb4c6e123f1b9f8b20c469d7fc38c62ae41fbde017b
Size

468KB
Sample

241230-w3pfkavqft
MD5

b7211c9280527a2527b36f5cac012b2b
SHA1

53a23345075daeba0061329f2c1dfc34ffcbcf97
SHA256

0be35975a9936bc239c69fb4c6e123f1b9f8b20c469d7fc38c62ae41fbde017b
SHA512

16962b9640953917fed01ef53786915f5f8b70c84fa5117fb9474282cfa0bc967ec2572b5e9311468d08ce537861b1f4e0d43e29761e56567c7e4ee23bb306d9
SSDEEP

12288:yKgWQeotCQ1eN4j7taYBHyHISGw51WtJZKNViWma3DBI8JpGBnq:dgEN4j74lhGwWzKaWma3j/F

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pw9

Decoy

applephone.red

bureauxfashion.com

05044444.com

newmarketingideas.net

7754y.com

976life.com

rilio.realty

amandakohar.com

003manbetx.com

tomtomxl.com

pulse-group.com

qdhtdzj.com

desitebuilder.com

ivymaephotography.info

sgpoloclub.com

aaeventsshop.com

mobilesant.com

lewismobilewelding.com

firefromthearchives.com

printathomeparties.com

Targets

- Target
  
  InvoiceFB1.bin
- Size
  
  487KB
- MD5
  
  cea9f8ab6f247ba9d68798b685bc5ebd
- SHA1
  
  d02f86034c86efe9aa457306e76746e6df294115
- SHA256
  
  5ac464b04f871540a52fb5c7e8349f1bd7856a9e6f6d63eadd61755637e7d1da
- SHA512
  
  82ffe9ca68c189b6066e478c70d3b10d84bfd026988540ac4ce08ac58ece1f79789d362cbea2b779cb0a07ef50c4c4913328b98ac19aca43bfef4561e3e9f572
- SSDEEP
  
  12288:nanrKibhvVp2ygaKNOALUMEaRjByWActJNc7pQzqmgY:UvbhvVhzKnLdB2QJkCoY
Score

10^/10

formbook pw9 discovery rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $APPDATA/black/11.opends60.dll
- Size
  
  52B
- MD5
  
  930bc034e3171d648fc66a058697797e
- SHA1
  
  3e1e5c19b992de321e8b92ada92dd674447b5148
- SHA256
  
  963a0f60ab234baf2ef15c768e8b8beb0b4b1246cf194bf4e837ecc17c841b16
- SHA512
  
  788fdf69ef599fb29f7f3f79ad29f5a97baa1c05729b1191bbb5c3d8f910e99b4072c50de6f2953e97d0e698620b45d8d2898ed5df0cf873ee016e96a90c51b1
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/black/MFC80CHS.dll
- Size
  
  40KB
- MD5
  
  82b3145c4a4d708288447ded7d2e9e8f
- SHA1
  
  850f325668133f38a2c9b5e38b757381f02c4f0d
- SHA256
  
  e78ce4d46f8b655f830fdb950cac8cd2e7ea98a168b45e648fb78f59c47b4600
- SHA512
  
  bb0b710d81b5be93c95a710a0b081bc1f398d95ecb55b03997523b9f2366d6717c07849de58feac6b4439b1b56418c4804d5e0b1ab7cc216a5993c0091b2dc3a
- SSDEEP
  
  384:+DNemsf/tAGqyVUIrvVWJWRUJwxV0fwItnFiHyt6S26r81Jd5AJd:+ZXs9AGDTrvFVx4wItnFfL26r81nE
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/black/bscmakeui.dll
- Size
  
  6KB
- MD5
  
  2905448a1273d03c6279c42b9c735063
- SHA1
  
  10154d553234e8cabc58641dec87ea52a94c5901
- SHA256
  
  22b0d61fddb88dbdff7422d0ba8309b2e2c95c4aca1c9b328c2605342ca0e3b1
- SHA512
  
  5f547444cb2473b96aea2421cbbb6bf4094fe128a5c15e54766c97c3a9281349216104c8d0e08c7b038b01b2a8db362e6ad9714f76b2029e90073fd2e46957a3
- SSDEEP
  
  96:pEWR4nN5bWPVqQsU5VrLHD73cIJoxatq9BAxtmqJ8UZ7hXfknLM:qWRSN5bWN9Byatq9G7
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/black/fusion.dll
- Size
  
  9KB
- MD5
  
  ad23bb6b329c7d5ee8a43b89e2fd4fd2
- SHA1
  
  2875975bc0a565a2717d2c5c575a1f16b14344e7
- SHA256
  
  ca6afebbe76f81d8de05a252f56728ef94e15eab0e2fa7a225703c6140c35718
- SHA512
  
  b0401acfbc6edf9c9f6773ff875543cde5af932e9b590a0626b1c9a5e901d1a318ade9db26d9410dbea18eac3fe6d63d25ed42b17d755101acff3c5cc9a30d9d
- SSDEEP
  
  192:N6aZXyQRBttlELYqZXRfp027P0WcpuqmpF6sWN3X9rkr1VtWCNsoW/4oW2:N6kBXlmrF6s6a1VtWWsoWgi
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/black/makehm.exe
- Size
  
  31KB
- MD5
  
  dc4c0d30445ba9fc4294561284c1beac
- SHA1
  
  4e3a39af21d5fe3914f5b6c29af574b2a32319ea
- SHA256
  
  3b65d65554c6a6e65c93d0d168bac6761f709431fdaaad72560744dfca8f0cc0
- SHA512
  
  ba365f033ac3fa49373f1aa20b8000171c96259878f131a187538064bc8bdf93182f47203e877b9ef219f7545963f6adefae8921efec8c07d296dc3c8ecca291
- SSDEEP
  
  768:puceUUIYhV3rrFfuxIoHUWV2hi1lD09O5R4L3d/o+:teUUIYhpExIoHCUHDeO5R4R/o
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/carts/23.opends60.dll
- Size
  
  44B
- MD5
  
  5e43eac3b2aa8f452cee04cfde8a87a4
- SHA1
  
  a6f69134a7649cbf89d8870111799fdfd01025d0
- SHA256
  
  f5cd4d8faccc77719332741da5cb2bd400671d1dbcb3fcd77ef1b3d7fc6d84fa
- SHA512
  
  0637a4ece1b136f3944af87e2e3a231e02c5f6007ff7a976f401003d7458f50eef092f5a2db26add6b84e5d657c9ae0523f8dc31976ac1cb9e9f3ceedacf8951
Score

1^/10
behavioral13 behavioral14
- Target
  
  $APPDATA/carts/54.opends60.dll
- Size
  
  47B
- MD5
  
  35e69a71f792aa79f479c02e4168ce50
- SHA1
  
  6e8c1e9d1f8003e70d046e4959b0d6a63243aba0
- SHA256
  
  b96e908409cb44280e41255daf54e10bae6206aab2bc2d3881c11e22c1bffb16
- SHA512
  
  572574dc07e524a20dfef37dc4686b76eb2dc018aeea5bd245274d96b488c968003ce012ef5ef8975a8e0f010d8c92733cddf37554dddcd27a81cce6edf7cfe2
Score

1^/10
behavioral15 behavioral16
- Target
  
  $APPDATA/carts/aspnetwp.exe
- Size
  
  29KB
- MD5
  
  586677e260d59c0aef4787749bd22e22
- SHA1
  
  0362a9f12b333489d0881ad80487a5d70c6f6c53
- SHA256
  
  16f9671a4d62b9b6d58339d58cecd1cb1a57fb55b98e449a36520b6ae57fb3a3
- SHA512
  
  a7eea5ce32354e4d83a4c83ac743a9fb9a3d345ada34db2366259709e98606b8815cd588ba3c87efd3450d827844983670df10fbe252ea622c9a98d62371e7b4
- SSDEEP
  
  768:i2LK/zkfU+wmeQNm+1QNVB77TrfL3d/o+k:i2LKb0DwmeQNmwMpXfR/oB
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $APPDATA/carts/autorun.exe
- Size
  
  46KB
- MD5
  
  c561c91697b205f0fd2c374baad9ef66
- SHA1
  
  18822cdd683d24537f7a723c00f35a2dffe9b02d
- SHA256
  
  57071f7fd10ff3036d687467f762f8b6bf3bb646e6177d8756d52c8b611b4b72
- SHA512
  
  e8dc0ea78d36b135d7da5a2b973449f04af26d4a34dc7acf7d9cad89aa7301f3010b606aab4c0f3ca6c152eadcc468376a9cb32a431d1a7b0f3b0b1d4387d6c6
- SSDEEP
  
  768:uW7vYMBFOZe+v5GUWD90+kD/Cnxb1sIPNIetbEtao9L3d/o+taTr:37vYMroGfKeiIPNHwtaiR/o8A
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $APPDATA/carts/msdatasrc.dll
- Size
  
  4KB
- MD5
  
  8e79ba0e04148e7709c75d8838d03e3f
- SHA1
  
  6535f7e9c71856ced16a73de3462330b0544af05
- SHA256
  
  23589e0651406e957d684d0af036e718e155500fc9498b0916d294509dfecc2c
- SHA512
  
  fd22a45d13bc757eec6bda780fd98ab2fec35bd01478138483ed6bb7b3fcff0b4f5693754050b597114d897e3ca785579f61a44a3b54eb14717130999ce9d0d9
Score

1^/10
behavioral21 behavioral22
- Target
  
  $APPDATA/carts/sbssystemconfigurationinstall.dll
- Size
  
  5KB
- MD5
  
  609370f0bf6e988625aa046750d2549b
- SHA1
  
  3c1a623311abe80805777158dc0c35a35acbc63c
- SHA256
  
  21102a88542269c6c4c2dd6f31407920adee9da102bdc760a1bc1107774e632f
- SHA512
  
  7a59f7c5661962b5d325fe911c597f8f805cd1b10de87fc369787c039f62d6424129cfc1666e1577d090d9081c96f0057097456483bebdca0653b9848d165635
- SSDEEP
  
  96:7ytDRYgyqZIBwiu7gOMLqdONLA6Wt0rIBN8W:aDagynwiu/yvNLnWtpBN8W
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $APPDATA/carts/sqlleUI.dll
- Size
  
  8KB
- MD5
  
  293eb49ee029fa63feb9936b30309f76
- SHA1
  
  835a7e174073a6f7a5b4d743d37276d24a1af9ed
- SHA256
  
  226b319c19a932c1baf6afffbdca3b384a4dfc2a97e88a873bc3348271983ea6
- SHA512
  
  5274b68d8251398ec0a9e35cf6c49cccfc40af18100998573a0d7afa20569e47704e6cc6d4fea47edb0ebbc2c9b455c4d833d1616aed19d8c4d4565f6210557e
- SSDEEP
  
  96:t3tUfaE/vU7ICFz0kzeYEWq6OONXYHIWPVJzCfiVEgU7ZwikZXQ5JlCaN2aq000t:t9yaE/vpCFwWqcNXYHIWNJ+NhwH5QI
Score

1^/10
behavioral25 behavioral26
- Target
  
  $APPDATA/carts/tcprops.dll
- Size
  
  46KB
- MD5
  
  c4db4da6429f80d5c12a10b0c4123185
- SHA1
  
  545a7c9a68078c1b52c4e2074d1a6ac67b2c84cb
- SHA256
  
  98042ba37e736751485aad50078fcf0b5a4e9aedb1b763f35d3201030aaf4b30
- SHA512
  
  1e9efbc60db1fe55260a6b33211e48a13ebf5bcddf1bca71459dbb71145db2171754ea488f4823819b378e8aba992d861c97e87a415ea5fbfcc119f62f7c00d8
- SSDEEP
  
  768:4yt2XzU9SQmV+nZIHZyyinC+wPpmnKOyvj2sbkfTOlM6JB:yU9xmsncoEGqj2sbcTOlM6L
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $APPDATA/carts/u2l2000.dll
- Size
  
  22KB
- MD5
  
  6ec4efacbc97780df137830a7048eb84
- SHA1
  
  42baf27afbed37494c6dec64397bee989bee346b
- SHA256
  
  2dca9c28a3a056bf5a851bc0715da8f794a2c5663c2a55290fe802fb67eebf2a
- SHA512
  
  8a4951d17858b043ec279a322d54fa759f58e05237865ca7c7d93a60e253f2d7183d35581934561044a2b23b9aec64bb3bb3f9ec9977224c1621eccf75302475
- SSDEEP
  
  384:5w2rZdfNO4Pdc1YUo21/ar7jCDS+/hLCcY9jBJJ1lqI:5w27iSr747pL38TJ1lqI
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $APPDATA/carts/vcbuildui.dll
- Size
  
  14KB
- MD5
  
  30e455126205adb295b6e27662afd489
- SHA1
  
  16a9a82a303d9cc89c5498fa757ce532d7d092c4
- SHA256
  
  6794f7c3fd53137f8bc0d937fbc91249f4e0a714239923f18ee01b3e22b5c8cc
- SHA512
  
  4d2072b6ab5b9cd2b1234525cc1bbe1638868588a9e7f6e39ec14d390843097845146888aebecbe57ef9014f0c5a28a68114568dfb9fc226aef0b1b9ed01c915
- SSDEEP
  
  192:NRXZWEHTBGWNrYcCd0T84lgdeTR9Fy/P60JH5FbMFvtu9GHSu3dw:DXZWOgWDg7tW3
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Adds policy Run key to start application

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32