formbook | 05fafaa473d50e4df54ac7f838b816f90fbb1cc1313cd514a275aed45ac1f6c3 | Triage

Submit
Reports

Overview

overview

Static

static

PO.9758752img.exe

windows7_x64

PO.9758752img.exe

windows10-2004_x64

Sharing

General

Target

05fafaa473d50e4df54ac7f838b816f90fbb1cc1313cd514a275aed45ac1f6c3
Size

360KB
Sample

220521-d4l3qaggf9
MD5

48c264091019a9b86ec135b52ec9deed
SHA1

34faccd535489cf940fe01f7ef2f307598f60b65
SHA256

05fafaa473d50e4df54ac7f838b816f90fbb1cc1313cd514a275aed45ac1f6c3
SHA512

72b0da94938a2f889515a5aad9fba8d4e74d05f0788fcf5fabdc853e2e89adf6a0ddd41fca748a813ef3bc3207b93695bc5f1329d48907c4140cee973881fc45

Score

10^/10

formbook duj evasion rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO.9758752img.exe

Resource

win7-20220414-en

formbook duj evasion rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO.9758752img.exe

Resource

win10v2004-20220414-en

formbook duj evasion rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

duj

Decoy

deapink.pink

tkmdz.com

nytzshicai.com

photos-identite-dijon.com

ekanun.net

xn--fiqy4bxl57l9sag6f6wb.ink

slivercat5.com

ai-ethics.net

510ns.com

inotherways.com

ridesharesettelment.com

zjxiangnong.com

aoraessentials.com

sheap-list.com

heshengqy.com

experts-comptables-paris-17.com

parissummerolympics2024.info

gtyx88.com

devopsonjob.com

vodacred.com

kandilakes.com

digitalcoincollective.com

seedrazer.com

24houremergencyroomnearme.com

xn--lg3bu5if3f.com

557486.top

czqfkj.com

running0711.com

aimwizard.com

holdingtoken.com

qgyldzw.com

mt1618.com

chiquicreates.com

0pe345.com

shopmomsthebomb.com

cheerzhangover.com

tascoxuanphuong.info

suitablepersonalprotection.com

dh12345.com

pixelfocusphotography.com

tianhegongcheng.com

foodsweet.com

hoamailand.com

btr96.info

eatsmartcookie.com

studebakergs.com

110422.info

infoicobit.com

northeastphillyshuttle.com

lover-road.com

pacificsolo.com

intangiblebitcoin.info

quericus.tech

indianchemicalmart.com

trublueroanokeva.com

apollontimes.news

interiordesignersudbury.com

klarkindustria.com

fraisgr.com

marketersarbitrage.com

adoriagroep.com

hxjfqe.com

stoneandstran.com

genkicoffee.com

spatren.com

Targets

- Target
  
  PO.9758752img.exe
- Size
  
  419KB
- MD5
  
  58727beb95ca8e5ec902f266901f3ebe
- SHA1
  
  6322381826a448cc3618ad343ebba8e82d309984
- SHA256
  
  359e02b2d5f52a490ef6811663993437866b52e86e9c9c4e633f30b716d73883
- SHA512
  
  30b9248a37190f486c3507eb517fb9ca2153b2ecb1989ff3e1aebc8c0b63507ca776dc08e4976e94308075a9d848aee4fedf9d2579d2be1ce12f14a0caf14e73
Score

10^/10

formbook duj evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookdujevasionratspywarestealertrojan

behavioral2

formbookdujevasionratspywarestealertrojan

© 2018-2024

Terms | Privacy