formbook | e10cbd14bad3693345f6fa7d09e1336c1b2033900e1b1b55ccf0a76a98b1c79a | Triage

Submit
Reports

Overview

overview

Static

static

cc3b22bd3d...5d.exe

windows7_x64

cc3b22bd3d...5d.exe

windows10-2004_x64

Sharing

General

Target

cc3b22bd3d92f8209de3a45f1b49b05d
Size

854KB
Sample

220628-lq2v1sgeeq
MD5

cc3b22bd3d92f8209de3a45f1b49b05d
SHA1

46f5d875d74b9dc5f4519b6aff1efdf62df70c73
SHA256

e10cbd14bad3693345f6fa7d09e1336c1b2033900e1b1b55ccf0a76a98b1c79a
SHA512

81eef9b07333b31a8016986f15a6ad519e77643bab1f2c557a5bea4014e1626702854c5c180c883c517ecaebd8a1a823da63d2533e7f9f73c0b8a1d7fd4612cf

Score

10^/10

formbook ba17 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

cc3b22bd3d92f8209de3a45f1b49b05d.exe

Resource

win7-20220414-en

formbook ba17 rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cc3b22bd3d92f8209de3a45f1b49b05d.exe

Resource

win10v2004-20220414-en

formbook ba17 rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

burdiezholdings.com

facialcoach.com

hunterous.com

carei.xyz

positivityintheworkplace.com

top1productjapan.online

camperrentnovara.com

nostalgiaz.xyz

prepperandsalt.com

platinum-swallow-nest.com

jmdadoag.com

cornerstonesolarconsulting.com

carmelhasit.com

hospitalaurelia.com

epolystars.com

best5psychicreadingsites.com

cbradleyowens.com

cmshelps.com

leclefsdor.com

male-muscle-slave.cloud

eselinchen.com

statesunitedaction.net

goweet.com

hififurniturehouse.info

alphacapitaltrust.online

hotsellmed.com

sunxueling.com

firstclass-poolservice.com

tuveranopelayo.com

wayangslot.net

joseauto.net

consinko.com

pacificoffshorecharters.com

steemboard.xyz

poollife.info

miraihenokoibumi.net

mfh-sa.com

seontra.xyz

openfaders.com

guardianz.online

purse.gold

affaire-chaba.com

rosency.xyz

somethingform.site

digitalpursuitsonline.com

Targets

- Target
  
  cc3b22bd3d92f8209de3a45f1b49b05d
- Size
  
  854KB
- MD5
  
  cc3b22bd3d92f8209de3a45f1b49b05d
- SHA1
  
  46f5d875d74b9dc5f4519b6aff1efdf62df70c73
- SHA256
  
  e10cbd14bad3693345f6fa7d09e1336c1b2033900e1b1b55ccf0a76a98b1c79a
- SHA512
  
  81eef9b07333b31a8016986f15a6ad519e77643bab1f2c557a5bea4014e1626702854c5c180c883c517ecaebd8a1a823da63d2533e7f9f73c0b8a1d7fd4612cf
Score

10^/10

formbook ba17 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookba17ratspywarestealersuricatatrojan

behavioral2

formbookba17ratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy