formbook | 4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f | Triage

Submit
Reports

Overview

overview

Static

static

bb30a5dd41...63.exe

windows7_x64

bb30a5dd41...63.exe

windows10_x64

Sharing

General

Target

bb30a5dd4130b071fb4ca5f005371c63.exe
Size

694KB
Sample

201120-cxyd18pnax
MD5

bb30a5dd4130b071fb4ca5f005371c63
SHA1

52c3ca02828a4ad8e8dbf790a61b3d77379ad391
SHA256

4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f
SHA512

062f184dea6b1327418b7030b114cc40bf21072408fb9408bc18b823bce73534cf513a566ef16f90c0379581fb9e189d8d39614334c04c1607afbc02089ac0d1

Score

10^/10

formbook rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bb30a5dd4130b071fb4ca5f005371c63.exe

Resource

win7v20201028

formbook rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bb30a5dd4130b071fb4ca5f005371c63.exe

Resource

win10v20201028

formbook rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.digitalcashteam.com/glt/

Decoy

blingenterprises.net

opalthemovie.com

auctionpros.club

simplyfluffy.com

nanbuild.net

1extrafast.com

active-connector.xyz

ocewnbank.com

zekmer.com

6755e.com

ryry-s1.com

pastrami.house

shivamall.com

activateportusaludybelleza.com

homeprosrva.com

tessuto.net

christopherspecht.com

ti-an-dossen.com

universe.icu

healthmixtt.com

tipsrated.com

findoffline.com

we11studio.com

rbnfnleoba.club

oghomeinfoa6.club

lgdmotor.com

zhiyoubin.com

fapemlogisticsc.com

santoshafacemasks.com

zettrackgpstracker.com

blogtalkraio.com

procyon.design

myvirtualmision.com

bamnlife.love

msksoft.net

outrage-lefilm.com

singlepebbles.com

straightaheadflixgroup.com

everychildnisanartist.com

collagenika.com

biohazardmethcleanup.com

ftehfb.com

europeic.com

themaskedstitcher.com

edxar.xyz

yenciaceves.com

show-jumps.com

creatincountries.com

tripleedelights.com

zuriadesign.com

mcjuirisit.com

reem.pro

sgbanfang.com

ally-app.com

organizationfun.net

findingthefaceofgod.com

barbellsandbarns.com

cttmall.com

s-f.club

magnoliamamas.com

kalkulatorweb.com

dearsropes.store

paytofindmebro.cheap

auykypznj.club

Targets

- Target
  
  bb30a5dd4130b071fb4ca5f005371c63.exe
- Size
  
  694KB
- MD5
  
  bb30a5dd4130b071fb4ca5f005371c63
- SHA1
  
  52c3ca02828a4ad8e8dbf790a61b3d77379ad391
- SHA256
  
  4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f
- SHA512
  
  062f184dea6b1327418b7030b114cc40bf21072408fb9408bc18b823bce73534cf513a566ef16f90c0379581fb9e189d8d39614334c04c1607afbc02089ac0d1
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookratspywarestealertrojan

behavioral2

formbookratspywarestealertrojan

© 2018-2024

Terms | Privacy