formbook | 2d7051de1420deab48e7d25638ae6c6a72ccc503c4c6d153139feec4861f573f | Triage

Submit
Reports

Overview

overview

Static

static

Ordem de c...df.exe

windows7_x64

Ordem de c...df.exe

windows10-2004_x64

Sharing

General

Target

Ordem de compra para julho.pdf.zip
Size

552KB
Sample

220629-tmlnmacfb3
MD5

64baf61a0be4f79f619fdf56fab0aaea
SHA1

8ab445e801a15c500d6cdca22a9864aaf72229bf
SHA256

2d7051de1420deab48e7d25638ae6c6a72ccc503c4c6d153139feec4861f573f
SHA512

da2eb5c031ac4db3cafbbf0581d0a156fc94958cd1659209c8c03721061cb48cec328ea900c0bbb09b7f7e6cfd056f1bdbb639f513bd49f6e416b2f8cbc6436d

Score

10^/10

formbook de08 rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ordem de compra para julho.pdf.exe

Resource

win7-20220414-en

formbook de08 rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ordem de compra para julho.pdf.exe

Resource

win10v2004-20220414-en

formbook de08 rat spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

retirecloudyyard.com

fabiyan.xyz

chrisarlyde.com

selapex.com

vivalosgales.com

specialty-medicine.com

contasesolucoes.com

satunusanews.net

allyibc.com

alameda1876.com

artofdala.com

yukoidusp.xyz

steeldrumbandnearme.com

stonewedgetechnology.com

kentonai.com

macquarie-private.com

ddgwy.com

megagreenhousekits.com

descomplicaomarketing.com

inclusiverealtor.com

themummyfront.club

computerfashiondesigns.com

ericparlatore.com

whathappened2me.com

baksomail.xyz

mugupplatform.com

shopsolutely.com

gymcservices.com

qianshunchina.com

zoomsbshab.icu

esrmtech.com

966211.com

stockinsidepr.com

df-wh.com

smartshopapps.com

kayseriadsl.com

acedesserts.com

205qs.com

ei8i.com

aibtly.com

kpviewllc.net

nnehandebol.com

torontonianapparel.ca

therealgoldenganjagang.com

mingxiang99.com

rewkagcompany.xyz

ahmee4.com

valen.info

vacuumfun.parts

fabiyan.xyz

psncareersolutions.com

escobargroups.com

michigandice.com

ey3solutions.com

li-n.info

puingkehancuran.xyz

bilt-green.com

dfysuitetech.xyz

abdoomar.com

actsaka.xyz

justsweatitout.com

axabank.life

billyyaka.com

mypatchtools.com

epulsive.com

Targets

- Target
  
  Ordem de compra para julho.pdf.exe
- Size
  
  687KB
- MD5
  
  01ac3fb5a4476de95369f325ea906ea5
- SHA1
  
  e291db506ea6b82f60b1b5e035f764595d6b7f3c
- SHA256
  
  b6426721805cf7ba17f04f3ab2540c182758682a0b6397ee277f4f3aa3709bd1
- SHA512
  
  548686caf1858bb22aaebee04c0ee0a8fef3d4f4577a6700dbbfe213d34654e621be09927bbddff418c61c33c9380c8a6f92ffe3ae202ab53c149d5f80dd40ca
Score

10^/10

formbook de08 rat spyware stealer trojan suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookde08ratspywarestealertrojan

behavioral2

formbookde08ratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy