formbook | 8c3f224cf0567bbd99154105d471e29b60f5e5c0afb2683be992c9f702a7e7d9 | Triage

Submit
Reports

Overview

overview

Static

static

налог...df.exe

windows7_x64

налог...df.exe

windows10-2004_x64

Resubmissions

21-02-2022 12:32

220221-pqletaabf3 10

21-02-2022 10:50

220221-mxbsvaaaap 10

Sharing

General

Target

налог за купување pdf.exe
Size

758KB
Sample

220221-pqletaabf3
MD5

79488bd73bf0e3f4d2e4b87c3e3b3fc2
SHA1

e832dab0dcc66e8afc4b0ddd4748893386d10e68
SHA256

8c3f224cf0567bbd99154105d471e29b60f5e5c0afb2683be992c9f702a7e7d9
SHA512

d894a09daf58a67b63767769638add7483ce202b914b686f14bfe0bccd12aeaf8c715b8d006c2bef8ac8c54cfeb2c762673fb62659f93983c43befe03916fbdf

Score

10^/10

formbook g2m3 persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

налог за купување pdf.exe

Resource

win7-en-20211208

formbook g2m3 persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

налог за купување pdf.exe

Resource

win10v2004-en-20220112

formbook g2m3 persistence rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

lifuyao.com

cardinalsplayerstore.com

pholoniex-an.xyz

clarensis.com

wu8d616yyt6z.xyz

uidrp.com

gents.style

npwpkl.com

xn--kinsithrapeute-dkbe.xyz

cruzinu.xyz

raverwren.net

veuology.com

armbandtas.com

77xy.xyz

racingsilks-nft.com

academiademujerespro.com

makciakla.com

hopejustmade.com

catrionatowriss.com

kcebtaz.xyz

hongjunwuliu.com

vegecru.com

sidesofthenorth.com

buytacpyshop.xyz

nexuslanka.com

benormxukraine.xyz

hnart-child.com

globalrockstar.xyz

ilovesinglemoms.com

ollorhythm.com

ozkonyalikebap.com

kenmark-inc.com

recuerdosoxidados.com

interviewacomicnerd.com

have4grand.com

mcattoneys.com

ksherill.com

greenelectricmotors.com

matercenter.com

anwisystems.com

buylowatlanta.com

1stuebc.com

topbunkconsulting.com

heathlytrim.com

autnvg.com

Targets

- Target
  
  налог за купување pdf.exe
- Size
  
  758KB
- MD5
  
  79488bd73bf0e3f4d2e4b87c3e3b3fc2
- SHA1
  
  e832dab0dcc66e8afc4b0ddd4748893386d10e68
- SHA256
  
  8c3f224cf0567bbd99154105d471e29b60f5e5c0afb2683be992c9f702a7e7d9
- SHA512
  
  d894a09daf58a67b63767769638add7483ce202b914b686f14bfe0bccd12aeaf8c715b8d006c2bef8ac8c54cfeb2c762673fb62659f93983c43befe03916fbdf
Score

10^/10

formbook g2m3 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg2m3persistenceratspywarestealertrojan

behavioral2

formbookg2m3persistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy