formbook | 1f364b54ed1d03b1f87fe2bf0d7a376029298c3250611dab92dcba2d210afe1d | Triage

Submit
Reports

Overview

overview

Static

static

HSBC_MT 10...df.exe

windows7-x64

HSBC_MT 10...df.exe

windows10-2004-x64

Sharing

General

Target

HSBC_MT 103 COPY.pdf.exe
Size

857KB
Sample

220825-xr3dqahcgp
MD5

3dfd937682599beaeb0ba57dcabe4638
SHA1

6e65a4de334ececb97add5e15ce6b55e1edf7ae9
SHA256

1f364b54ed1d03b1f87fe2bf0d7a376029298c3250611dab92dcba2d210afe1d
SHA512

9300f3bc9eeefc972a35189ffb85e6a28465f77d3a4ece17db5492f73dfca6b2f771f373b623e082d3b4b077ed9dfeec10ab50a0119d145984fccfbe3b35488d
SSDEEP

24576:ADCaT/0shbH1RT/0shb+M1X2S3plUdMW+1JhpuVerBG:al5x4GjsdMTn6eF

Score

10^/10

formbook ba17 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

HSBC_MT 103 COPY.pdf.exe

Resource

win7-20220812-en

formbook ba17 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

HSBC_MT 103 COPY.pdf.exe

Resource

win10v2004-20220812-en

formbook ba17 rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

burdiezholdings.com

facialcoach.com

hunterous.com

carei.xyz

positivityintheworkplace.com

top1productjapan.online

camperrentnovara.com

nostalgiaz.xyz

prepperandsalt.com

platinum-swallow-nest.com

jmdadoag.com

cornerstonesolarconsulting.com

carmelhasit.com

hospitalaurelia.com

epolystars.com

best5psychicreadingsites.com

cbradleyowens.com

cmshelps.com

leclefsdor.com

male-muscle-slave.cloud

eselinchen.com

statesunitedaction.net

goweet.com

hififurniturehouse.info

alphacapitaltrust.online

hotsellmed.com

sunxueling.com

firstclass-poolservice.com

tuveranopelayo.com

wayangslot.net

joseauto.net

consinko.com

pacificoffshorecharters.com

steemboard.xyz

poollife.info

miraihenokoibumi.net

mfh-sa.com

seontra.xyz

openfaders.com

guardianz.online

purse.gold

affaire-chaba.com

rosency.xyz

somethingform.site

digitalpursuitsonline.com

Targets

- Target
  
  HSBC_MT 103 COPY.pdf.exe
- Size
  
  857KB
- MD5
  
  3dfd937682599beaeb0ba57dcabe4638
- SHA1
  
  6e65a4de334ececb97add5e15ce6b55e1edf7ae9
- SHA256
  
  1f364b54ed1d03b1f87fe2bf0d7a376029298c3250611dab92dcba2d210afe1d
- SHA512
  
  9300f3bc9eeefc972a35189ffb85e6a28465f77d3a4ece17db5492f73dfca6b2f771f373b623e082d3b4b077ed9dfeec10ab50a0119d145984fccfbe3b35488d
- SSDEEP
  
  24576:ADCaT/0shbH1RT/0shb+M1X2S3plUdMW+1JhpuVerBG:al5x4GjsdMTn6eF
Score

10^/10

formbook ba17 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookba17ratspywarestealertrojan

behavioral2

formbookba17ratspywarestealertrojan

© 2018-2024

Terms | Privacy