formbook | 5af12eff648e8c7aed0ad5933ba0c874c1ec33e35fcce1591cb26b5b680ccd73 | Triage

Submit
Reports

Overview

overview

Static

static

PO AU74356...ne.exe

windows7_x64

Sharing

General

Target

PO AU74356 – For Mid June.rar
Size

605KB
Sample

220531-s5ykgafcfm
MD5

a67ad0da396537ef2c9b9b3b915ab4e6
SHA1

ca6d7dcdec4fd21809b312d3aea408ffa4d95470
SHA256

5af12eff648e8c7aed0ad5933ba0c874c1ec33e35fcce1591cb26b5b680ccd73
SHA512

bc61e3ef1f3a2880f48b20421f5ae8611a9c923e104573eab5a011433582a6cdb9b1179c597f398982f8f830d173496e634cde638c7db601287e29423faef6b5

Score

10^/10

formbook t19g rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO AU74356 – For Mid June.exe

Resource

win7-20220414-en

formbook t19g rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t19g

Decoy

playstationspiele.com

cakesbyannal.com

racepin.space

anti-offender.com

magnetque.com

farragorealtybrokerage.com

khuludmohammed.com

v33696.com

84ggg.com

d440.com

soccersmarthome.com

ofthis.world

fivestaryardcards.com

lusyard.com

gghft.com

viajesfortur.com

rationalirrationality.com

hanaramenrestaurant.com

exactlycleanse.com

martensenargentina.com

michellesellsvt.com

pupsloveandlondon.com

kfhym.world

makeuphoje.com

ebookrise.com

flesherbrothers.com

doonaudio.com

doanet.xyz

wrghintlian.com

davidchristl.com

domaintch.com

quotereflection.com

eroptikblog.xyz

iranianinvestmentclub.com

cp200motorola.com

vsenq.com

theamazonmovement.com

aspiteksoln.com

perkebunannews.com

myreverie.life

hrddf.com

gblaincreative.com

lipsstreet.com

xxf76.top

dureluxx.com

heldelicioso.com

taskconsulting.com

dongcunzhengfu.com

itohpe.com

abundantskill.com

fernhutco.com

hairgrowthxpert.com

intelligentreportscloud.com

maybesupply.com

7156.world

cr-marcelo.com

shequipamentos.com

villeenvie.net

robbyscreations.com

mpaohead.com

nailsa.biz

accoladesandmore.com

preppers.pro

pinpinduo2.xyz

allsofttech.com

Targets

- Target
  
  PO AU74356 – For Mid June.exe
- Size
  
  675KB
- MD5
  
  e524708edfa0588f48c1f82421262794
- SHA1
  
  a4af13dba0ce7be02f3d3408a34071df9c927d5d
- SHA256
  
  fa100b947c2ad8d93cc6f323547650927145917919bf06e33532fb28903d09a6
- SHA512
  
  e27f2bff8afd7d2962c06bacb011417616db9762fcf810abfd928585d793f347506f825e825e516af59ce433f5521b8c49caa6486cf1f20360d2aba65ac7abd1
Score

10^/10

formbook t19g rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookt19gratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy