formbook | 4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d

Analysis

max time kernel
55s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220718-en
resource tags

arch:x64arch:x86image:win10v2004-20220718-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2022 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d.exe
Size

312KB
MD5

d108ffedd70fd56406002c2ef2ed769c
SHA1

6839133e6bee88a028964df835006b34264f2f88
SHA256

4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d
SHA512

50b3c07f9c77ba346a8375f4426d33edb4bd459cd9333a7443e87f1d1ec82e3bd0be47864d1fb2e1ee6cfdaa0580af3a9a45d2ade70a066cd8516f621dfc2411

Score

10^/10

formbook fr rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

Decoy

koto-saitoshika.com

hamadcartoon.com

findmyperson.com

greenislandspice.com

tzcp5.com

elyfornoville.com

fuqinjiehuodong.com

psog.biz

comercializadoratancitaro.com

marketmuseum.com

yunbaobit.com

weddingvwcamperhire.com

kinetsi.com

garmentsteamersguide.com

firstchoicecorporatehousing.com

musicianunity.com

thetrustsummit.com

xn--v52b27q.com

crismar.net

cawyhy.info

Signatures

Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
behavioral2/memory/2956-131-0x00000000008B0000-0x0000000000905000-memory.dmp	formbook

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2956	4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d.exe
2956	4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d.exe

C:\Users\Admin\AppData\Local\Temp\4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d.exe
"C:\Users\Admin\AppData\Local\Temp\4e4a613181ca2a7d225d28b74a6b368746955e5a6cfe8e83e9d9ecb6ab4af48d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2956-130-0x00000000008B0000-0x0000000000905000-memory.dmp

Filesize
340KB

Download
memory/2956-131-0x00000000008B0000-0x0000000000905000-memory.dmp

Filesize
340KB

Download
memory/2956-132-0x0000000004700000-0x0000000004A4A000-memory.dmp

Filesize
3.3MB

Download