formbook | 6d8b3ede99045fbe38ba6887f52c008d3bdd62bdd38ac39c7b115dafcd23389d | Triage

Submit
Reports

Overview

overview

Static

static

Request fo...on.exe

windows7-x64

Request fo...on.exe

windows10-2004-x64

Sharing

General

Target

Request for Quotation.exe
Size

822KB
Sample

220823-ppg11ahfa3
MD5

37d2d87f110760705ea13cb03412c3b4
SHA1

64ff81224efeb261ea1baf795d8a1c31eb07f84b
SHA256

6d8b3ede99045fbe38ba6887f52c008d3bdd62bdd38ac39c7b115dafcd23389d
SHA512

6e8aa9be962c366b0c6d51e22e0bd7577d1a0aae7faf44bb3f496e8af844455c2b75d2a6db6aacde2151a46e342149a580d6d375ac21881bec5731e324e76f50
SSDEEP

12288:FtJN97fJYdQn1OMl4hjm80HpVr/GWizOLN1Ya581PAK6fHkN00+JK0u7yQhpQEos:lv7f4OwjWHpw1akww

Score

10^/10

formbook o2e7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request for Quotation.exe

Resource

win7-20220812-en

formbook o2e7 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request for Quotation.exe

Resource

win10v2004-20220812-en

formbook o2e7 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

rings-22556.com

automotivetools.website

intensemarijuana.com

walkindence.com

dakotagraphics.co.uk

sinonline.co.uk

zgzxgrw.com

247raf.taxi

dexfipro.com

c-me321.com

daisen-midoriso.com

liuzhazha.com

myuahome.life

gostneraviation.com

ranaranjhalaw.com

globalgunshop.com

gatirop.online

hyiphk.com

gabrielfischermusic.com

utexbenefit.com

antoinedaviscoaching.com

jquerytour.com

xplore-middleast.com

championsconsultoria.com

changeyourworldkit.com

xn--solanlite-476d.com

trylovenowlearning.com

uselessread.com

loveazoasis.com

dpcome.com

grampcam.com

projectvenus.net

netelm.com

ustopbrands.online

miradigital.info

greatdanetech.com

jassepomeri.xyz

mx-ph.wtf

acumendev.site

nerocasa.com

blueshawk.info

electricave.city

louinccrafts.co.uk

ronsphotoshop.com

lojaalfaofertas.com

Targets

- Target
  
  Request for Quotation.exe
- Size
  
  822KB
- MD5
  
  37d2d87f110760705ea13cb03412c3b4
- SHA1
  
  64ff81224efeb261ea1baf795d8a1c31eb07f84b
- SHA256
  
  6d8b3ede99045fbe38ba6887f52c008d3bdd62bdd38ac39c7b115dafcd23389d
- SHA512
  
  6e8aa9be962c366b0c6d51e22e0bd7577d1a0aae7faf44bb3f496e8af844455c2b75d2a6db6aacde2151a46e342149a580d6d375ac21881bec5731e324e76f50
- SSDEEP
  
  12288:FtJN97fJYdQn1OMl4hjm80HpVr/GWizOLN1Ya581PAK6fHkN00+JK0u7yQhpQEos:lv7f4OwjWHpw1akww
Score

10^/10

formbook o2e7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooko2e7ratspywarestealertrojan

behavioral2

formbooko2e7ratspywarestealertrojan

© 2018-2024

Terms | Privacy