formbook | 2c3c06ae684b68083640169fb962cc24fb32d4efe232a0ec0727f7c5d69dacae | Triage

Submit
Reports

Overview

overview

Static

static

orden de c...df.exe

windows7_x64

orden de c...df.exe

windows10-2004_x64

Sharing

General

Target

orden de compra pdf.exe
Size

758KB
Sample

220211-r75wwscge5
MD5

89f889b05115d5e7e9f84f059d967d45
SHA1

241cbc0d823d4b74a95b09ae5a3719b39abc279e
SHA256

2c3c06ae684b68083640169fb962cc24fb32d4efe232a0ec0727f7c5d69dacae
SHA512

110042d4c670680c4f5ccc422c540d9b5a12895e671e5cab98b96d5c7ac6c7d055a51cf5775c6fb2357b172d1efe5c4cf0849ea631d8654f1fb5fb8c406e5fdd

Score

10^/10

formbook g2m3 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

orden de compra pdf.exe

Resource

win7-en-20211208

formbook g2m3 rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

orden de compra pdf.exe

Resource

win10v2004-en-20220112

formbook g2m3 rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

lifuyao.com

cardinalsplayerstore.com

pholoniex-an.xyz

clarensis.com

wu8d616yyt6z.xyz

uidrp.com

gents.style

npwpkl.com

xn--kinsithrapeute-dkbe.xyz

cruzinu.xyz

raverwren.net

veuology.com

armbandtas.com

77xy.xyz

racingsilks-nft.com

academiademujerespro.com

makciakla.com

hopejustmade.com

catrionatowriss.com

kcebtaz.xyz

hongjunwuliu.com

vegecru.com

sidesofthenorth.com

buytacpyshop.xyz

nexuslanka.com

benormxukraine.xyz

hnart-child.com

globalrockstar.xyz

ilovesinglemoms.com

ollorhythm.com

ozkonyalikebap.com

kenmark-inc.com

recuerdosoxidados.com

interviewacomicnerd.com

have4grand.com

mcattoneys.com

ksherill.com

greenelectricmotors.com

matercenter.com

anwisystems.com

buylowatlanta.com

1stuebc.com

topbunkconsulting.com

heathlytrim.com

autnvg.com

Targets

- Target
  
  orden de compra pdf.exe
- Size
  
  758KB
- MD5
  
  89f889b05115d5e7e9f84f059d967d45
- SHA1
  
  241cbc0d823d4b74a95b09ae5a3719b39abc279e
- SHA256
  
  2c3c06ae684b68083640169fb962cc24fb32d4efe232a0ec0727f7c5d69dacae
- SHA512
  
  110042d4c670680c4f5ccc422c540d9b5a12895e671e5cab98b96d5c7ac6c7d055a51cf5775c6fb2357b172d1efe5c4cf0849ea631d8654f1fb5fb8c406e5fdd
Score

10^/10

formbook g2m3 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg2m3ratspywarestealertrojan

behavioral2

formbookg2m3ratspywarestealertrojan

© 2018-2024

Terms | Privacy