formbook | e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779 | Triage

Submit
Reports

Overview

overview

Static

static

e2cb7aaa6b...79.exe

windows7_x64

e2cb7aaa6b...79.exe

windows10-2004_x64

Sharing

General

Target

e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779
Size

753KB
Sample

220414-pv43qaghbm
MD5

194e6e2cb1b914c33e5d0ea233f7a813
SHA1

82eb016de527bdee7cc391219e1e6cdcdb64ad3d
SHA256

e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779
SHA512

4cf030e4d43791e0c2006dffb7619e2a1f2b8ca596db01d8e3091b99f04b1d93a5ef36c21fda3189837e4901cc750f0c8c6a9ead93af67c5148c6b663242681b

Score

10^/10

formbook metastealer fs8 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779.exe

Resource

win7-20220331-en

formbook fs8 rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779.exe

Resource

win10v2004-en-20220113

formbook metastealer fs8 rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs8

Decoy

deanpalm.net

dinu-living.com

setsomegoals.com

craftyfresh.email

cleantons.com

szysjfjx.com

shestakova.info

70skinstore.com

ampletrade.ltd

cmmcwomen.group

michinoeki-taka.com

auntoni.com

huochegw.com

abovekulture.com

gzjige.com

americastandproudagain.com

hobbyhousekennels.com

1020waterviewdrive.com

5927399.com

gabipareras.net

computercodecamp.com

kabu-work.com

haxings.online

protanny.com

yuejiaoxuan.com

chikachinwe.com

candidlyadulting.com

realtoday.net

highlandcelticart.com

airshotsus.com

ilnmdyqgl.icu

thelincolntondentist.net

lashvash.com

cozyhomecrate.com

altamirraonline.com

sgn98.com

bdcamp.com

housingneedanalysis.com

bijasani.com

spectrumtechnos.com

tranquiltouch2020.com

mugenkites.com

danasnjenovosti.com

cryptocurrency.wiki

mavangel.com

wilsonislandretreat.com

jerobelaustegui.com

skillsme.school

jusegalt.com

hpg.computer

ye-ya-jian.com

mackayadventurelodge.com

clevengerproperties.com

optimizedaerialsolutions.com

mohinisystem.com

secretary.store

wrightjusticesolicitors.com

time-to-dive.com

techyde.com

finopscert.com

affluentmentoring.com

fengye8.info

a8cpm.com

muellervieh.net

kumcal.com

Targets

- Target
  
  e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779
- Size
  
  753KB
- MD5
  
  194e6e2cb1b914c33e5d0ea233f7a813
- SHA1
  
  82eb016de527bdee7cc391219e1e6cdcdb64ad3d
- SHA256
  
  e2cb7aaa6bdd1a9029dd1db1ac0107556641d03608b8e8d520229e216462d779
- SHA512
  
  4cf030e4d43791e0c2006dffb7619e2a1f2b8ca596db01d8e3091b99f04b1d93a5ef36c21fda3189837e4901cc750f0c8c6a9ead93af67c5148c6b663242681b
Score

10^/10

formbook fs8 rat spyware stealer suricata trojan metastealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookfs8ratspywarestealersuricatatrojan

behavioral2

formbookmetastealerfs8ratspywarestealersuricatatrojan

© 2018-2025

Terms | Privacy