formbook | 13daa4e080cdda1d0506ad74da6ac34e295684cfe7643a34b91264a1fe70646a | Triage

Submit
Reports

Overview

overview

Static

static

Orden de C...te.exe

windows7-x64

Orden de C...te.exe

windows10-2004-x64

Sharing

General

Target

28448ce04581e89bad14fbd0e6953244-sample.zip
Size

652KB
Sample

220726-wawzyacael
MD5

9c1008a2817f19a5da648aa70b28a010
SHA1

49a534679658cb6d836e96adbcafe237a15101ee
SHA256

13daa4e080cdda1d0506ad74da6ac34e295684cfe7643a34b91264a1fe70646a
SHA512

e023fa89f564d0b8f521ad88b7e07babdf7b102f922caf522ce677f130812e74b61d47be06bd5b6888a9509007a1464f8c315cf07a98c60fd397c6d373e9ff33

Score

10^/10

formbook de08 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Orden de Compra Urgente.exe

Resource

win7-20220715-en

formbook de08 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orden de Compra Urgente.exe

Resource

win10v2004-20220721-en

formbook de08 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

retirecloudyyard.com

fabiyan.xyz

chrisarlyde.com

selapex.com

vivalosgales.com

specialty-medicine.com

contasesolucoes.com

satunusanews.net

allyibc.com

alameda1876.com

artofdala.com

yukoidusp.xyz

steeldrumbandnearme.com

stonewedgetechnology.com

kentonai.com

macquarie-private.com

ddgwy.com

megagreenhousekits.com

descomplicaomarketing.com

inclusiverealtor.com

themummyfront.club

computerfashiondesigns.com

ericparlatore.com

whathappened2me.com

baksomail.xyz

mugupplatform.com

shopsolutely.com

gymcservices.com

qianshunchina.com

zoomsbshab.icu

esrmtech.com

966211.com

stockinsidepr.com

df-wh.com

smartshopapps.com

kayseriadsl.com

acedesserts.com

205qs.com

ei8i.com

aibtly.com

kpviewllc.net

nnehandebol.com

torontonianapparel.ca

therealgoldenganjagang.com

mingxiang99.com

rewkagcompany.xyz

ahmee4.com

valen.info

vacuumfun.parts

fabiyan.xyz

psncareersolutions.com

escobargroups.com

michigandice.com

ey3solutions.com

li-n.info

puingkehancuran.xyz

bilt-green.com

dfysuitetech.xyz

abdoomar.com

actsaka.xyz

justsweatitout.com

axabank.life

billyyaka.com

mypatchtools.com

epulsive.com

Targets

- Target
  
  Orden de Compra Urgente.exe
- Size
  
  757KB
- MD5
  
  96d65af8738de30dfa2283585f11e1e1
- SHA1
  
  fce536c32341baad02ba836a06688ab9f60193b9
- SHA256
  
  a69ee77f4eb102a3528594435748d3a1e2925022a6d986eac8d32feb068c1f36
- SHA512
  
  99364f2a86bb7a10e57642ad176195df04a746cb2e25d3b2562228f61192634ccec3668b008b141a3fb6864fb6f6608dff3721e96613eb31aaf65e5cb5b204ca
Score

10^/10

formbook de08 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookde08ratspywarestealertrojan

behavioral2

formbookde08ratspywarestealertrojan

© 2018-2024

Terms | Privacy