formbook | 9cca5ee417bb9929c186dc8c2daa8f645e23fc7b1c32c0cb18fef77ef728c7ca | Triage

Submit
Reports

Overview

overview

Static

static

3

Purchase O...IX.exe

windows7-x64

Purchase O...IX.exe

windows10-2004-x64

Sharing

General

Target

Purchase Order Project No.8873_ECOFIX.exe
Size

101KB
Sample

240701-gnk29s1dmm
MD5

5b93648ff0ed23f7a77cf8ba1c7dfd29
SHA1

4ab10dc761f140b00a880699b5b71d67d000f4b9
SHA256

9cca5ee417bb9929c186dc8c2daa8f645e23fc7b1c32c0cb18fef77ef728c7ca
SHA512

be2c33e988f20a153e0c922b9458c997ca93e349e7127bc83c95cc45d440dc2734870f862c0f7dede4a81f5fa5ecbf6d006aa65a63a7bbb3d38b42ac90df88af
SSDEEP

1536:n8D9sbgCMGEEEEEEEEEEEbEEzEEEbEEEEEEbEEEEEEbEEEEEEbEEEEEEEbEbE3kK:n8D9sbgCM5M7C34gj7

Score

10^/10

formbook b2du persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Purchase Order Project No.8873_ECOFIX.exe

Resource

win7-20240508-en

formbook b2du persistence rat spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Order Project No.8873_ECOFIX.exe

Resource

win10v2004-20240226-en

formbook b2du persistence rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b2du

Decoy

jaiesgae.online

rorysmysticrodeo.com

wd-freight.net

nfttwinning.com

yuguomall.com

lobotomizai.com

dermatologist-jobs-62886.bond

laineway.com

epistlesmultimedia.com

135w52st30a.com

kqoik2x6me.asia

murinoreactsrf.online

donnarainslegacy.com

maison-roc.com

majestyjewelss.com

suksesbersama.live

skillpraxis.com

lncnln.top

79iwin.top

rentasmoking.shop

i-maroc.online

uagerin.site

vitalwatchofficial.com

75840.xyz

bonavi.net

yilianmail.com

brandongarrett.biz

2182275.com

682032.com

nowstack.dev

dscostruzioni1982.com

harprus.xyz

kynanglanhdao.com

aquatum.com

weepitch.com

tokaiboyschallenger.com

bambzoo.com

bajandoideas.com

hgcustomcabinets.com

onjabet724164.top

padisahbet587.com

aleksi1.com

scoyf.net

barcaparfum.com

checosbar.online

wujin1.site

sedmac.com

ggdrop.uno

chatient.com

oleksandr.fun

olitoyoga.com

07876.store

megadurian.com

cahayaanugerahkreasi.com

sinisterfairytales.com

istanbulyeditepe.net

emt9933.click

lundellpartnersllp.com

jaw3l.dev

drprji.cfd

be5e.com

bong.ooo

wjziyuan.com

jgo-bitume.com

5ggt22m8.xyz

Targets

- Target
  
  Purchase Order Project No.8873_ECOFIX.exe
- Size
  
  101KB
- MD5
  
  5b93648ff0ed23f7a77cf8ba1c7dfd29
- SHA1
  
  4ab10dc761f140b00a880699b5b71d67d000f4b9
- SHA256
  
  9cca5ee417bb9929c186dc8c2daa8f645e23fc7b1c32c0cb18fef77ef728c7ca
- SHA512
  
  be2c33e988f20a153e0c922b9458c997ca93e349e7127bc83c95cc45d440dc2734870f862c0f7dede4a81f5fa5ecbf6d006aa65a63a7bbb3d38b42ac90df88af
- SSDEEP
  
  1536:n8D9sbgCMGEEEEEEEEEEEbEEzEEEbEEEEEEbEEEEEEbEEEEEEbEEEEEEEbEbE3kK:n8D9sbgCM5M7C34gj7
Score

10^/10

formbook b2du persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookb2dupersistenceratspywarestealertrojan

behavioral2

formbookb2dupersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy