formbook | 6698735d635bc7b991236e31da603fd2f08cb9c2e41fbc8c0aed7efbdf63f9a7 | Triage

Submit
Reports

Overview

overview

Static

static

1

bc0ef9408f...18.msi

windows7-x64

bc0ef9408f...18.msi

windows10-2004-x64

Sharing

General

Target

bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118
Size

468KB
Sample

240618-p7j83sydpp
MD5

bc0ef9408fc18184938d89d695f8fb2b
SHA1

e6198d3ab82269f4d4c6309c918330190dcf693c
SHA256

6698735d635bc7b991236e31da603fd2f08cb9c2e41fbc8c0aed7efbdf63f9a7
SHA512

9397077dd2388af14a39aad7191ad05e0f9a40faea7e44ea879a56bd44da3a5fbbcaa2792486c145d1166f9fd8dbf8c2ee47803221758c07b6634822f4eb65db
SSDEEP

6144:QEsI1tKVCRk4tywG4JSW2H79BKZ2RLHVIgFXAExTAvVSMfGdZ1z:QESVp4tyJ4YH7q2QNE+NNfGd

Score

10^/10

formbook he persistence privilege_escalation rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118.msi

Resource

win7-20240508-en

formbook he persistence privilege_escalation rat spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118.msi

Resource

win10v2004-20240611-en

formbook he persistence privilege_escalation rat spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

he

Decoy

ajnonline.info

marpolos.com

lzj97.com

meijiatp.com

soyoung-dongha.com

arrambideabogados.com

tannor.net

f1yc33j0wmn.biz

geboooth.com

battery365.net

nu-entry.com

obaldo.net

downstreamlatam.com

belkysfloral.net

chwaimai.com

winningpowermomentum.com

transitiontomedicare.net

creationglobalcrew.com

mimtechs.com

indianplesur.com

krybaybee.com

bigwheelcarryout.com

poly-travel.com

xenomachines.com

xn--youtuber-tr4ve58dwiy.com

infotamasia.com

projectmx.tech

primarycarepathways.care

ejuicecigar.com

deal-boat.com

ggluav73.com

bjt988.com

framsafaritours.com

motionmedia.group

bvgva.info

datingtipp.com

dotsandjots.com

plannplanet.com

naturalselfcareonly.com

zenith-bar.com

centraljerseypsychiatry.com

iyogcp.men

kawasakishi-sangokotuban.com

takfilm9.com

axxisfiresystem.com

patriotshirt.com

hunanweishizaixianzhibo.com

gensan.world

africanmd.com

changliefutian.com

chicagoiltowing.com

bishvax.com

negociosenlared.info

stunningshop.com

flkam.com

subrosa.ltd

digitalcoin.today

rajmatharu.com

munchme.store

cmoan.info

rakeschool.com

yijiaqq.com

offers.party

bsnsnbb.com

plodameg.com

Targets

- Target
  
  bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118
- Size
  
  468KB
- MD5
  
  bc0ef9408fc18184938d89d695f8fb2b
- SHA1
  
  e6198d3ab82269f4d4c6309c918330190dcf693c
- SHA256
  
  6698735d635bc7b991236e31da603fd2f08cb9c2e41fbc8c0aed7efbdf63f9a7
- SHA512
  
  9397077dd2388af14a39aad7191ad05e0f9a40faea7e44ea879a56bd44da3a5fbbcaa2792486c145d1166f9fd8dbf8c2ee47803221758c07b6634822f4eb65db
- SSDEEP
  
  6144:QEsI1tKVCRk4tywG4JSW2H79BKZ2RLHVIgFXAExTAvVSMfGdZ1z:QESVp4tyJ4YH7q2QNE+NNfGd
Score

10^/10

formbook he persistence privilege_escalation rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookhepersistenceprivilege_escalationratspywarestealertrojan

behavioral2

formbookhepersistenceprivilege_escalationratspywarestealertrojan

© 2018-2024

Terms | Privacy