formbook | f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76 | Triage

Submit
Reports

Overview

overview

Static

static

f57f1421d3...76.exe

windows7_x64

f57f1421d3...76.exe

windows10-2004_x64

Sharing

General

Target

f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76
Size

926KB
Sample

220530-ktc6dscadn
MD5

599de5976e8a5df084f4ab499f218450
SHA1

cd66f37a6babddbfda172355e6a2c58b0087e051
SHA256

f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76
SHA512

0f8dc2bc43e49f4a822f9e67494e214b05ded0f86550e8b412ad9968a72a122e412dcf4c44adabd19f95ef5eceb3003408a83efb231a7cf13a9fa2374acf964b

Score

10^/10

formbook g2m3 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76.exe

Resource

win7-20220414-en

formbook g2m3 rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76.exe

Resource

win10v2004-20220414-en

formbook g2m3 rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

lifuyao.com

cardinalsplayerstore.com

pholoniex-an.xyz

clarensis.com

wu8d616yyt6z.xyz

uidrp.com

gents.style

npwpkl.com

xn--kinsithrapeute-dkbe.xyz

cruzinu.xyz

raverwren.net

veuology.com

armbandtas.com

77xy.xyz

racingsilks-nft.com

academiademujerespro.com

makciakla.com

hopejustmade.com

catrionatowriss.com

kcebtaz.xyz

hongjunwuliu.com

vegecru.com

sidesofthenorth.com

buytacpyshop.xyz

nexuslanka.com

benormxukraine.xyz

hnart-child.com

globalrockstar.xyz

ilovesinglemoms.com

ollorhythm.com

ozkonyalikebap.com

kenmark-inc.com

recuerdosoxidados.com

interviewacomicnerd.com

have4grand.com

mcattoneys.com

ksherill.com

greenelectricmotors.com

matercenter.com

anwisystems.com

buylowatlanta.com

1stuebc.com

topbunkconsulting.com

heathlytrim.com

autnvg.com

Targets

- Target
  
  f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76
- Size
  
  926KB
- MD5
  
  599de5976e8a5df084f4ab499f218450
- SHA1
  
  cd66f37a6babddbfda172355e6a2c58b0087e051
- SHA256
  
  f57f1421d36e94a64e8187e1dfbe255dde5b3e851df8d3e8350dd2a3844aac76
- SHA512
  
  0f8dc2bc43e49f4a822f9e67494e214b05ded0f86550e8b412ad9968a72a122e412dcf4c44adabd19f95ef5eceb3003408a83efb231a7cf13a9fa2374acf964b
Score

10^/10

formbook g2m3 rat spyware stealer suricata trojan
- Detects win.formbook.
  5.
- FormBook
  3.
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- autogenerated rule brought to you by yara-signator
  4.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg2m3ratspywarestealersuricatatrojan

behavioral2

formbookg2m3ratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy