formbook | 371982ab20054b57f6cd8698e9f64498c7a857b412d370febbf44d8cbe7f2285 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE.exe

windows7-x64

QUOTE.exe

windows10-2004-x64

Sharing

General

Target

QUOTE.exe
Size

705KB
Sample

220804-lw79zsefcm
MD5

69cce648572c35889b741d72ecfe9690
SHA1

2a86fae70b64f4266fa653bd5742fb558e5a5d41
SHA256

371982ab20054b57f6cd8698e9f64498c7a857b412d370febbf44d8cbe7f2285
SHA512

3ec1973dbc4f2d55d3e567d9b38993f79ef8f8746c701445b3d9e5d4e021647eb4fec22e9775d4ecc342444b5f35f2fa7daa98a42b63a73ee27309efe4b28fde

Score

10^/10

formbook ee27 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE.exe

Resource

win7-20220715-en

formbook ee27 rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTE.exe

Resource

win10v2004-20220722-en

formbook ee27 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ee27

Decoy

gasimportsfiles.com

hospitaljobsindia.com

mymortgagecantips.xyz

yourenotalone.world

livethejesuslife.com

sobernv.com

bobgruber.online

badu100.com

id98qq12.com

naturalex.co.uk

metathrillrides.com

blessingstowing.com

juddsbarandgrill.com

qrcodemania.com

haodaculture.com

obot.xyz

soupmortgagemark.xyz

top-road.com

xiaoterv.com

madrstyonline.com

lntmemories.com

codeverse.store

coleadersolutions.com

xn--2i0bs4kuxch7w.com

trumanridgekc.com

urbansummerfest.com

prelistingphotos.com

ncknights.com

demo-box.com

rifinastore.com

costamp.online

growthdigitalstudios.com

mso-4.com

rebeccast.club

mobilebusinessmoneymachine.com

hardmails.com

taylorbeckerhair.com

bradarender.com

urfahaberdar.com

evershinetransportltd.co.uk

perfecttime.club

phch.pro

fccxzb.site

myassetssecured.com

mysticmindpublishingacademy.com

energyharvesting.online

nhckom.com

tomiburkolo.com

uplandshell.com

tabularasa.net.cn

pagosahanger.com

apicemtech.com

doomscene.com

yqxinydz.com

lolmaster.host

massageindenton.uk

95hillerdr.com

paymentwize.com

tamwen.app

4any4all.com

neustabos.com

jedonnadingesforgpboe.com

dabeiw.com

thatpaintlady.com

ndcolledge-traducteur.com

Targets

- Target
  
  QUOTE.exe
- Size
  
  705KB
- MD5
  
  69cce648572c35889b741d72ecfe9690
- SHA1
  
  2a86fae70b64f4266fa653bd5742fb558e5a5d41
- SHA256
  
  371982ab20054b57f6cd8698e9f64498c7a857b412d370febbf44d8cbe7f2285
- SHA512
  
  3ec1973dbc4f2d55d3e567d9b38993f79ef8f8746c701445b3d9e5d4e021647eb4fec22e9775d4ecc342444b5f35f2fa7daa98a42b63a73ee27309efe4b28fde
Score

10^/10

formbook ee27 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookee27ratspywarestealertrojan

behavioral2

formbookee27ratspywarestealertrojan

© 2018-2024

Terms | Privacy