formbook | 205f40228597bee4de6da0f386c14fde658b7dc6956fb2839a98504b48bd9377 | Triage

Submit
Reports

Overview

overview

Static

static

HSBC_MT 10...df.exe

windows7-x64

HSBC_MT 10...df.exe

windows10-2004-x64

Sharing

General

Target

HSBC_MT 103 COPY.pdf.exe
Size

913KB
Sample

220827-hrg1fsgdg3
MD5

83f30904b0fb2c78fddeae79947701b5
SHA1

adecde754012010933b1f721025a470492a5842c
SHA256

205f40228597bee4de6da0f386c14fde658b7dc6956fb2839a98504b48bd9377
SHA512

ac011ebd3b4a1b1ffe6e6be52c8ec1847982cab91982b975ebf210cd175fb46be19f41c3f11c327f59b2bc305bfa3434f04e1b6c4ad3be9d314f25f8e71774a6
SSDEEP

24576:c5+rnaCWsDcWI+H3JOicO+PXG+/AG6K5:WUv/Dl3AK+n/AG6K5

Score

10^/10

formbook ba17 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

HSBC_MT 103 COPY.pdf.exe

Resource

win7-20220812-en

formbook ba17 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

HSBC_MT 103 COPY.pdf.exe

Resource

win10v2004-20220812-en

formbook ba17 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

burdiezholdings.com

facialcoach.com

hunterous.com

carei.xyz

positivityintheworkplace.com

top1productjapan.online

camperrentnovara.com

nostalgiaz.xyz

prepperandsalt.com

platinum-swallow-nest.com

jmdadoag.com

cornerstonesolarconsulting.com

carmelhasit.com

hospitalaurelia.com

epolystars.com

best5psychicreadingsites.com

cbradleyowens.com

cmshelps.com

leclefsdor.com

male-muscle-slave.cloud

eselinchen.com

statesunitedaction.net

goweet.com

hififurniturehouse.info

alphacapitaltrust.online

hotsellmed.com

sunxueling.com

firstclass-poolservice.com

tuveranopelayo.com

wayangslot.net

joseauto.net

consinko.com

pacificoffshorecharters.com

steemboard.xyz

poollife.info

miraihenokoibumi.net

mfh-sa.com

seontra.xyz

openfaders.com

guardianz.online

purse.gold

affaire-chaba.com

rosency.xyz

somethingform.site

digitalpursuitsonline.com

Targets

- Target
  
  HSBC_MT 103 COPY.pdf.exe
- Size
  
  913KB
- MD5
  
  83f30904b0fb2c78fddeae79947701b5
- SHA1
  
  adecde754012010933b1f721025a470492a5842c
- SHA256
  
  205f40228597bee4de6da0f386c14fde658b7dc6956fb2839a98504b48bd9377
- SHA512
  
  ac011ebd3b4a1b1ffe6e6be52c8ec1847982cab91982b975ebf210cd175fb46be19f41c3f11c327f59b2bc305bfa3434f04e1b6c4ad3be9d314f25f8e71774a6
- SSDEEP
  
  24576:c5+rnaCWsDcWI+H3JOicO+PXG+/AG6K5:WUv/Dl3AK+n/AG6K5
Score

10^/10

formbook ba17 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookba17ratspywarestealertrojan

behavioral2

formbookba17ratspywarestealertrojan

© 2018-2024

Terms | Privacy