formbook | e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01
Size

28KB
Sample

220727-ra7dfseedr
MD5

6aa3ec01c02065ec554c4d9e7c487a82
SHA1

53b6ae871fdd19e420b2723f2f35465d8b791ad5
SHA256

e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01
SHA512

ee4df39cd8b306f7a1cd6e1bdf442b197cad984cab8659e8342ae7a07f7e189e4c3a8f2d7136ce1a9cf0db5fb6065d16b3871c6bbb5704431a2bc4dfe58a2169

Score

10^/10

formbook s4s9 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01.exe

Resource

win10-20220722-en

formbook s4s9 rat spyware stealer trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s4s9

Decoy

qianyuandianshang.com

bernardklein.com

slhomeservices.com

findasaas.com

janellelancaster.xyz

umkpro.site

nr6949.online

mersquare.club

lanariproperties.com

3rdeyefocused.com

giftexpress8260.xyz

hilleleven.xyz

beajod.com

kosazs.online

ishare.team

mb314.com

xjjinxingda.com

ayekooprojectamazing.com

ballsybanter.com

todayshoppingbd.com

recomdietvl.store

zakladmalarstwa.com

bj-ours.com

hubwealth.com

watchmyreview.com

sallyliddicoat.com

eventiliveitalia.com

worldchannelconference.com

suciptahadi.online

ksht5566.com

topfastcashsystemwebshop.com

eyeiieyetv.com

thewarchannel.net

valorousgamers.com

vip01ytre.xyz

szec.tech

233365.xyz

specialroute.net

eugenachase.com

pikoulas.com

shorter-658423.site

win8856.com

burleyqpersianscom.com

sidetrackedmusic.com

chungketvinhomesspotlight.com

qiange.site

motconsultant.com

yottatic.com

usaprostatecenter.com

putovanjazasve.com

kozykornerpizza.com

hainpore.com

52appmj.com

albanyskylights.com

keropy.xyz

infosecrety.xyz

ethlogo.com

labohack.com

veridiumid.xyz

gaylebong.com

rsmegastore.com

janschlesinger.com

cshong-ya.com

shopevix.com

preciousssllc.net

Targets

- Target
  
  e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01
- Size
  
  28KB
- MD5
  
  6aa3ec01c02065ec554c4d9e7c487a82
- SHA1
  
  53b6ae871fdd19e420b2723f2f35465d8b791ad5
- SHA256
  
  e240812c35bacf92c202060e8cf794cea45794d87188d0aa8d20957f07299b01
- SHA512
  
  ee4df39cd8b306f7a1cd6e1bdf442b197cad984cab8659e8342ae7a07f7e189e4c3a8f2d7136ce1a9cf0db5fb6065d16b3871c6bbb5704431a2bc4dfe58a2169
Score

10^/10

formbook s4s9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooks4s9ratspywarestealertrojan

© 2018-2024

Terms | Privacy