formbook | ec4bc9d88a6dd7070ebfd8fad799fccd0dd248780a051b0837fe8eddfd189eb1 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTATIO.exe

windows7_x64

QUOTATIO.exe

windows10-2004_x64

Sharing

General

Target

ec4bc9d88a6dd7070ebfd8fad799fccd0dd248780a051b0837fe8eddfd189eb1
Size

1.2MB
Sample

220520-16gmcahhbj
MD5

9ff874d015bbdc6e2fb5eb25f0e87413
SHA1

e7a12a434d1541534e42845af88335c37f1bfcc7
SHA256

ec4bc9d88a6dd7070ebfd8fad799fccd0dd248780a051b0837fe8eddfd189eb1
SHA512

1771e62be58da075ddcd4e2ca44fe3e6a7e8090d342a407c5f7456510d5347e8863ec3a40a2b79fcdad9339bbe17d04d727fcd6f2ffa35193e712cea8a12c1a1

Score

10^/10

formbook dmn rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTATIO.exe

Resource

win7-20220414-en

formbook dmn rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTATIO.exe

Resource

win10v2004-20220414-en

formbook dmn rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dmn

Decoy

sadelwatterson.com

iwanttodesignforlitmus.com

familytelco.com

underphone.com

tongyouqu.com

measureuplive.com

550754.top

habermanforcongress.com

elevateyourexit.live

megapolitique.com

annelegrand.design

geotourconsult.com

dahanhg.com

lailaisong.com

selcenkocak.com

jcvsq.com

jhn2.com

mimo103.com

baytownbounce.com

justanothercritic.com

liuhe093.com

managementpartner.net

juventudfronterizarecuerda.com

heavennailsstudio.com

charlesmultimedia.com

798726.com

stephanielysebrennan.com

returnofthegadgets.com

download-ap.com

lorenzocoscarelli.com

downloadoe.com

44brcl.biz

hopesouthsafaris.net

thelearningboost.com

electronicsurgery.ltd

jlwwj.com

firstmilecare.com

takemap.com

dope.support

harlowandeverett.com

iccmembers.com

pbcalendar.com

lisalakinky.com

aichonghome.com

blueeyesbeauty.info

zanzibaricuisine.com

dagym4.info

eminemlak.net

buildwithsequence.com

wordpress-hosting-123.com

onestopteespot.com

seosueengine.party

www006345.com

jd9545.com

urbanpantherfinancial.com

lygj8899.com

quanqiugangs.com

toneri.online

hbxyyl8.com

northwoodmgt.com

heipigo.com

fatihcinaremlak.com

koreagim.net

webcheckq.com

lonxer.com

Targets

- Target
  
  QUOTATIO.EXE
- Size
  
  548KB
- MD5
  
  f47260278fdefc14190e08fea301753b
- SHA1
  
  28ddee1b6b033c57e8ce033db930fd7a403acdf2
- SHA256
  
  6f9973f8abd9e5fb811ccb04db4fc7063fb01623edd3f53e9a8a20e352ffa8ba
- SHA512
  
  3d6e37816c77c86c9137fe1d5d38155d8882d85bedb6dddf49ed64235fae9485a5b0c0e3ad75dbd62b621d1f67b0c26805202afd51f5c7f867a8ecefafb21579
Score

10^/10

formbook dmn rat spyware stealer trojan suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Formbook Payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookdmnratspywarestealertrojan

behavioral2

formbookdmnratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy