formbook | 5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28 | Triage

Submit
Reports

Overview

overview

Static

static

5084c2d455...28.exe

windows7_x64

5084c2d455...28.exe

windows10-2004_x64

Sharing

General

Target

5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
Size

438KB
Sample

220511-cyxftsdfa4
MD5

7431c0da6bae8041862806106270065d
SHA1

ae8611a9ec419855134f5c98999c64552029bfef
SHA256

5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
SHA512

6838862dd49fcd22eb86e1475af170c94e2eea42dc3498c0e884132add9a835406729f1a678d33178a37a8b818d21e00a1cd5a1b4fe87df9e6eb2ca3273d3271

Score

10^/10

formbook kvsz rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28.exe

Resource

win7-20220414-en

formbook kvsz rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28.exe

Resource

win10v2004-20220414-en

formbook kvsz rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kvsz

Decoy

hdlivesonlinetv24.com

illaheehillsseniorliving.com

wihong.com

christopher-cost.com

huayvipee.com

csdroped.xyz

relationsvivantes.com

xmcombohome.com

qingc2.com

sunsetcinemamusic.com

anotherheadache.com

connectlcv.com

unitermi.com

cugetarileunuisarman.com

agakegois.com

burnercouture.com

ambassador-holidays.com

schnarr-design.com

2013lang.com

httattoos.com

cleanhardinquiries.credit

jinduowei.com

despoticat.com

tclongke.com

medknizgka.com

mouowgoah.com

ehswholesale.com

sababa.club

facelift.pink

johnhall2020.com

superbahis62.com

erodea.com

dahaizhaofang.ltd

hiddenlighttattoo.com

michaelpte.com

easytradeoptions.com

jlnclub-hz.com

preciousmetals.supply

xn--9p4b887a.com

bigjbbq.com

twoamys.com

tor-one.com

freenfearlesscoaching.com

playmomknowsbest.com

maasiraq.com

michelon.solutions

shortpocketsmusic.com

pure-sonic.com

marilrealty.com

sillvoice.com

gawahrzinerbne.com

qsshop.net

globalmobilityinsights.com

psm-gen.com

stray-love.com

cjsweettreats.com

ulcforum.com

jlizf.com

guidemining.com

1440windingoakswest.com

mixedrealitycolabs.com

shealetics.com

11700.cloud

chazhentan.com

whealthypeople.com

Targets

- Target
  
  5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
- Size
  
  438KB
- MD5
  
  7431c0da6bae8041862806106270065d
- SHA1
  
  ae8611a9ec419855134f5c98999c64552029bfef
- SHA256
  
  5084c2d455003df830c907939adc50ef250e7ccde99041e3f671202d1ec53c28
- SHA512
  
  6838862dd49fcd22eb86e1475af170c94e2eea42dc3498c0e884132add9a835406729f1a678d33178a37a8b818d21e00a1cd5a1b4fe87df9e6eb2ca3273d3271
Score

10^/10

formbook kvsz rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookkvszratspywarestealersuricatatrojan

behavioral2

formbookkvszratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy