formbook | 3dac62c4aec24d40cde7d96891550836d8af9e16c19b995fec79237ff46c0e29 | Triage

Submit
Reports

Overview

overview

Static

static

kPh6WRec6vqbCLC.exe

windows7-x64

kPh6WRec6vqbCLC.exe

windows10-2004-x64

Sharing

General

Target

kPh6WRec6vqbCLC.exe
Size

659KB
Sample

220817-m1nxksheh9
MD5

2f7f4536da9c17e0353b4bf7d6cfd9f5
SHA1

f6ff3bf102f05e5d321d6687b75499115efaa951
SHA256

3dac62c4aec24d40cde7d96891550836d8af9e16c19b995fec79237ff46c0e29
SHA512

11c5cdae33152248ded03aef9cac624edd3cf43565c4833e330116ec96b943162f9eccf5682532a10f98723d08ef315eb2c6fff4443c678392ff9cdbdd90c7f1
SSDEEP

12288:XoKZl11R/5P4V6q7RQIRdPeV8TEBwa3k4FCwho/M16eNfnYH+/S:4KjPo1Q0P7TWwwkdubfC

Score

10^/10

formbook o2e7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

kPh6WRec6vqbCLC.exe

Resource

win7-20220812-en

formbook o2e7 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

kPh6WRec6vqbCLC.exe

Resource

win10v2004-20220812-en

formbook o2e7 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

rings-22556.com

automotivetools.website

intensemarijuana.com

walkindence.com

dakotagraphics.co.uk

sinonline.co.uk

zgzxgrw.com

247raf.taxi

dexfipro.com

c-me321.com

daisen-midoriso.com

liuzhazha.com

myuahome.life

gostneraviation.com

ranaranjhalaw.com

globalgunshop.com

gatirop.online

hyiphk.com

gabrielfischermusic.com

utexbenefit.com

antoinedaviscoaching.com

jquerytour.com

xplore-middleast.com

championsconsultoria.com

changeyourworldkit.com

xn--solanlite-476d.com

trylovenowlearning.com

uselessread.com

loveazoasis.com

dpcome.com

grampcam.com

projectvenus.net

netelm.com

ustopbrands.online

miradigital.info

greatdanetech.com

jassepomeri.xyz

mx-ph.wtf

acumendev.site

nerocasa.com

blueshawk.info

electricave.city

louinccrafts.co.uk

ronsphotoshop.com

lojaalfaofertas.com

Targets

- Target
  
  kPh6WRec6vqbCLC.exe
- Size
  
  659KB
- MD5
  
  2f7f4536da9c17e0353b4bf7d6cfd9f5
- SHA1
  
  f6ff3bf102f05e5d321d6687b75499115efaa951
- SHA256
  
  3dac62c4aec24d40cde7d96891550836d8af9e16c19b995fec79237ff46c0e29
- SHA512
  
  11c5cdae33152248ded03aef9cac624edd3cf43565c4833e330116ec96b943162f9eccf5682532a10f98723d08ef315eb2c6fff4443c678392ff9cdbdd90c7f1
- SSDEEP
  
  12288:XoKZl11R/5P4V6q7RQIRdPeV8TEBwa3k4FCwho/M16eNfnYH+/S:4KjPo1Q0P7TWwwkdubfC
Score

10^/10

formbook o2e7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooko2e7ratspywarestealertrojan

behavioral2

formbooko2e7ratspywarestealertrojan

© 2018-2024

Terms | Privacy