formbook | a6e702e43965539bad67320474a1abe16545481c599c2200acabe41ec2ce4eb7 | Triage

Submit
Reports

Overview

overview

Static

static

Attached T...5).exe

windows7-x64

Attached T...5).exe

windows10-2004-x64

Sharing

General

Target

Attached TT Payment Copy(USD 198,550.05).exe
Size

765KB
Sample

220801-kxfqpafgfn
MD5

38aaaf950849630a2a3282b203532d79
SHA1

6448bd7ab4c04294020479963e53f0fbbe4ecc28
SHA256

a6e702e43965539bad67320474a1abe16545481c599c2200acabe41ec2ce4eb7
SHA512

9de881c36367c42c639dc659c2f1565ee264909dd6823e26a97b05acc4c0ed3a30a6ed0d4d58c556d76fa6a2c1e8e29d731a43143df9c5b775f16b7222b4c0f3

Score

10^/10

formbook d27e rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Attached TT Payment Copy(USD 198,550.05).exe

Resource

win7-20220715-en

formbook d27e rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Attached TT Payment Copy(USD 198,550.05).exe

Resource

win10v2004-20220721-en

formbook d27e rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d27e

Decoy

lilysbusride.com

cloud-sechs.com

danpro.co.uk

wendoortech.com

playgroundrebellion.com

betventures.xyz

digimediasolution.net

abrahambetrayedus.com

whinefree.com

realeurolicence.com

makelovetrip.com

damediaagency.com

pinaralsan.com

5bobitw.com

shootingkarelia.online

website-staging.pro

manassadhvi.online

bathroomandkitcenking.com

realtormarket.net

dfysupport.com

class-flow.com

migstrip.online

qnacontracting.com

namaste-events.com

yestifications.com

indigoartandclothing.com

resultedu.com

digitalworldp.com

phase7assured.com

hirejar.site

leadstosuccessdental.com

ebooksonline4u.com

prosperbags.com

binarytreetech.com

jenpetronellatattoos.com

purpleduckdesign.net

merceriasen.xyz

shinnadesign.online

perubahantariftransaksi.website

jhanca.site

tacoslawera.com

majorappliancepros.com

kemiandsalam22.com

skipperage.info

tabulose-lust.xyz

wahproducts.com

mcleod.top

acepaintingservice.com

longtaidazong.com

spit2dabeat.com

jthecreator.net

sanhelu00.top

ipcemea.info

uniofilm.com

kitchenbw.space

abiccreats.com

southamptonvac.com

zavodalabda.xyz

mahahills.com

careers01-cxeinc.com

betteryourfinancial.info

buyfarfalla.com

moesoldmine.com

sioreu.com

havehealthybloodsugar.com

Targets

- Target
  
  Attached TT Payment Copy(USD 198,550.05).exe
- Size
  
  765KB
- MD5
  
  38aaaf950849630a2a3282b203532d79
- SHA1
  
  6448bd7ab4c04294020479963e53f0fbbe4ecc28
- SHA256
  
  a6e702e43965539bad67320474a1abe16545481c599c2200acabe41ec2ce4eb7
- SHA512
  
  9de881c36367c42c639dc659c2f1565ee264909dd6823e26a97b05acc4c0ed3a30a6ed0d4d58c556d76fa6a2c1e8e29d731a43143df9c5b775f16b7222b4c0f3
Score

10^/10

formbook d27e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookd27eratspywarestealertrojan

behavioral2

formbookd27eratspywarestealertrojan

© 2018-2024

Terms | Privacy