formbook | ac4d23b56b2aac65756dafc7d6ff505ba986f40410370ca4c094f0530e399d79 | Triage

Submit
Reports

Overview

overview

Static

static

REVISED IN...LS.exe

windows7_x64

REVISED IN...LS.exe

windows10_x64

Sharing

General

Target

REVISED INVOICE DETAILS.exe
Size

1.2MB
Sample

210726-layc6lre9n
MD5

f085c3358b59f0f7233e460816b9cffd
SHA1

1fa9928211033fd8afadc910e5acbd608d2686d1
SHA256

ac4d23b56b2aac65756dafc7d6ff505ba986f40410370ca4c094f0530e399d79
SHA512

88525849adc8ea59bf90a3e95d284b66514e24a955f059d1be29eab26e9d052d6dcd353668a3330055478b5c982ce508a8aa2aabe42dfc99979c9a4a70637d43

Score

10^/10

formbook rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

REVISED INVOICE DETAILS.exe

Resource

win7v20210410

formbook rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REVISED INVOICE DETAILS.exe

Resource

win10v20210408

formbook rat spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.fabricwarehousebrla.com/mjf5/

Decoy

scxmarine.com

4week-keto-results.com

alllivesmattertojesus.info

stoxets.com

psm-gen.com

u2collect.com

steveandgail.com

dgemediagroup.com

ragsxghi.com

hirobasushinv.com

fcvlamingo.com

thebrownseaproject.com

achalaproductions.com

unstoppableinvesting.com

epay12303.com

polenmoda.com

pgpitagi.com

picksfacts.com

allhubph.com

negociandocomvocebr.com

faybless.club

rewardsdeliveryprogram.club

nigelpeoples.com

rishpure.com

agoncoutainville.com

electricskateboardbuilder.com

shoplify.net

meritroyal324.bet

spinvn.com

originoutfittersco.com

smokeandmirrorspdr.com

thebartley.com

mcatpreppackge.com

exsofts.space

revivalcastle.com

rhodeislandrealestatemarket.com

revkevindavenport.com

sascarrental.info

michellemiramontezcasa.com

smalltownnewspodcast.com

fantacylove.com

b2caffiliate.com

healthonlynutrition.com

destinationicehockey.com

kentaijiaoyu.com

sonsofencouragement.com

voiceuxlab.com

inspirasihebat.com

tanz-sport.com

newyorklifennuities.com

indiawalimaadrama.com

albaha-gate.com

p80shop.com

temptazar.club

wildesquirol.com

thinkbig-toystore.com

thebestweedkiller.com

imagepasal.com

suncomefc.icu

553865.com

titpervert.com

bizplaninfo.com

corporalfreddiestowers.com

la26eme.com

Targets

- Target
  
  REVISED INVOICE DETAILS.exe
- Size
  
  1.2MB
- MD5
  
  f085c3358b59f0f7233e460816b9cffd
- SHA1
  
  1fa9928211033fd8afadc910e5acbd608d2686d1
- SHA256
  
  ac4d23b56b2aac65756dafc7d6ff505ba986f40410370ca4c094f0530e399d79
- SHA512
  
  88525849adc8ea59bf90a3e95d284b66514e24a955f059d1be29eab26e9d052d6dcd353668a3330055478b5c982ce508a8aa2aabe42dfc99979c9a4a70637d43
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookratspywarestealersuricatatrojan

behavioral2

formbookratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy