formbook | 74db2755f7b642be3c359976a8e536e23889539a71abfc78585986316ce37c3a | Triage

Submit
Reports

Overview

overview

Static

static

Request Order.exe

windows7-x64

Request Order.exe

windows10-2004-x64

Sharing

General

Target

Request Order.exe
Size

704KB
Sample

220804-nbxnvsfcck
MD5

4c31ff2688b9260ebdeaec1879589f53
SHA1

255f77909fe8d143e3695d4b7a1ec7976f9d2e70
SHA256

74db2755f7b642be3c359976a8e536e23889539a71abfc78585986316ce37c3a
SHA512

74538dc844b228b8079706eca41deaeca38b4b3f798c089dbaf02b16f28c5e55dff4d27c1fe13ea856dfd62e71d8ce4ff0c2dd892c525a542216d791362def35

Score

10^/10

formbook o2e7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request Order.exe

Resource

win7-20220718-en

formbook o2e7 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request Order.exe

Resource

win10v2004-20220721-en

formbook o2e7 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

rings-22556.com

automotivetools.website

intensemarijuana.com

walkindence.com

dakotagraphics.co.uk

sinonline.co.uk

zgzxgrw.com

247raf.taxi

dexfipro.com

c-me321.com

daisen-midoriso.com

liuzhazha.com

myuahome.life

gostneraviation.com

ranaranjhalaw.com

globalgunshop.com

gatirop.online

hyiphk.com

gabrielfischermusic.com

utexbenefit.com

antoinedaviscoaching.com

jquerytour.com

xplore-middleast.com

championsconsultoria.com

changeyourworldkit.com

xn--solanlite-476d.com

trylovenowlearning.com

uselessread.com

loveazoasis.com

dpcome.com

grampcam.com

projectvenus.net

netelm.com

ustopbrands.online

miradigital.info

greatdanetech.com

jassepomeri.xyz

mx-ph.wtf

acumendev.site

nerocasa.com

blueshawk.info

electricave.city

louinccrafts.co.uk

ronsphotoshop.com

lojaalfaofertas.com

Targets

- Target
  
  Request Order.exe
- Size
  
  704KB
- MD5
  
  4c31ff2688b9260ebdeaec1879589f53
- SHA1
  
  255f77909fe8d143e3695d4b7a1ec7976f9d2e70
- SHA256
  
  74db2755f7b642be3c359976a8e536e23889539a71abfc78585986316ce37c3a
- SHA512
  
  74538dc844b228b8079706eca41deaeca38b4b3f798c089dbaf02b16f28c5e55dff4d27c1fe13ea856dfd62e71d8ce4ff0c2dd892c525a542216d791362def35
Score

10^/10

formbook o2e7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooko2e7ratspywarestealertrojan

behavioral2

formbooko2e7ratspywarestealertrojan

© 2018-2024

Terms | Privacy