formbook | af7fd0b62692c6036f4f1f15a21840a7fa3939f1f3aa1b2407d018f4f4d00bf3 | Triage

Submit
Reports

Overview

overview

Static

static

NEW_PO.exe

windows7-x64

NEW_PO.exe

windows10-2004-x64

Sharing

General

Target

NEW PO.IMG
Size

1.2MB
Sample

220804-rgzl7aggal
MD5

f7515c2bddf418bc3101b5b969d5269f
SHA1

254a60c35d6c73fb2cc9fbc1e122bd92624d6601
SHA256

af7fd0b62692c6036f4f1f15a21840a7fa3939f1f3aa1b2407d018f4f4d00bf3
SHA512

83bae8d7b0956973c8d6fef9e04106d43c90bba5e2ed0ef672ff7da0d30701a4bdf24d1e6620e5874b64c4d277dafbbec766cd94f83af2f5834ecbd63652b25b

Score

10^/10

formbook d27e rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NEW_PO.exe

Resource

win7-20220718-en

formbook d27e rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEW_PO.exe

Resource

win10v2004-20220721-en

formbook d27e rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d27e

Decoy

lilysbusride.com

cloud-sechs.com

danpro.co.uk

wendoortech.com

playgroundrebellion.com

betventures.xyz

digimediasolution.net

abrahambetrayedus.com

whinefree.com

realeurolicence.com

makelovetrip.com

damediaagency.com

pinaralsan.com

5bobitw.com

shootingkarelia.online

website-staging.pro

manassadhvi.online

bathroomandkitcenking.com

realtormarket.net

dfysupport.com

class-flow.com

migstrip.online

qnacontracting.com

namaste-events.com

yestifications.com

indigoartandclothing.com

resultedu.com

digitalworldp.com

phase7assured.com

hirejar.site

leadstosuccessdental.com

ebooksonline4u.com

prosperbags.com

binarytreetech.com

jenpetronellatattoos.com

purpleduckdesign.net

merceriasen.xyz

shinnadesign.online

perubahantariftransaksi.website

jhanca.site

tacoslawera.com

majorappliancepros.com

kemiandsalam22.com

skipperage.info

tabulose-lust.xyz

wahproducts.com

mcleod.top

acepaintingservice.com

longtaidazong.com

spit2dabeat.com

jthecreator.net

sanhelu00.top

ipcemea.info

uniofilm.com

kitchenbw.space

abiccreats.com

southamptonvac.com

zavodalabda.xyz

mahahills.com

careers01-cxeinc.com

betteryourfinancial.info

buyfarfalla.com

moesoldmine.com

sioreu.com

havehealthybloodsugar.com

Targets

- Target
  
  NEW_PO.EXE
- Size
  
  703KB
- MD5
  
  ffe037deca0641fac8353d65db14d3ed
- SHA1
  
  5324aa903669c0b1417ea69f5fdab01600a37527
- SHA256
  
  bd14376c2116d73ced555431ec6b80afce2dbb13b36843edea366e897e32c360
- SHA512
  
  84f0e47107f11c0bf0622598797f216e14f2715cf756473b7ebf8892a8378d62c2a9b88f5582ac40a9e7bb13e4891315fee92607524d057aabed3eedcc9af580
Score

10^/10

formbook d27e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookd27eratspywarestealertrojan

behavioral2

formbookd27eratspywarestealertrojan

© 2018-2024

Terms | Privacy