formbook | f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
Size

582KB
Sample

220829-f2tqwsdea9
MD5

4347c70ca7302f107a165d6fd272b0e6
SHA1

1aa318f816e82fa3a047d61e4f79dd1b1765e89d
SHA256

f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
SHA512

071bd1762a28d3a182c588fff09754c9f0bc23fb4cc7d4b8b5b378380161d835d6990ae03281d544a3aab87ed8ed201e4cb88a720275a8fe1427b34b49e6d854
SSDEEP

12288:EE+7B92iNmUaevf9nf5fsuqy1ngZ6NfHJld0XTmT:5qz1xvjfdqyPP6X6T

Score

10^/10

formbook de08 evasion rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0.exe

Resource

win7-20220812-en

formbook de08 evasion rat spyware stealer trojan

windows7-x64

16 signatures

300 seconds

Behavioral task

behavioral2

Sample

f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0.exe

Resource

win10-20220812-en

formbook de08 evasion rat spyware stealer trojan

windows10-1703-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

retirecloudyyard.com

fabiyan.xyz

chrisarlyde.com

selapex.com

vivalosgales.com

specialty-medicine.com

contasesolucoes.com

satunusanews.net

allyibc.com

alameda1876.com

artofdala.com

yukoidusp.xyz

steeldrumbandnearme.com

stonewedgetechnology.com

kentonai.com

macquarie-private.com

ddgwy.com

megagreenhousekits.com

descomplicaomarketing.com

inclusiverealtor.com

themummyfront.club

computerfashiondesigns.com

ericparlatore.com

whathappened2me.com

baksomail.xyz

mugupplatform.com

shopsolutely.com

gymcservices.com

qianshunchina.com

zoomsbshab.icu

esrmtech.com

966211.com

stockinsidepr.com

df-wh.com

smartshopapps.com

kayseriadsl.com

acedesserts.com

205qs.com

ei8i.com

aibtly.com

kpviewllc.net

nnehandebol.com

torontonianapparel.ca

therealgoldenganjagang.com

mingxiang99.com

rewkagcompany.xyz

ahmee4.com

valen.info

vacuumfun.parts

fabiyan.xyz

psncareersolutions.com

escobargroups.com

michigandice.com

ey3solutions.com

li-n.info

puingkehancuran.xyz

bilt-green.com

dfysuitetech.xyz

abdoomar.com

actsaka.xyz

justsweatitout.com

axabank.life

billyyaka.com

mypatchtools.com

epulsive.com

Targets

- Target
  
  f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
- Size
  
  582KB
- MD5
  
  4347c70ca7302f107a165d6fd272b0e6
- SHA1
  
  1aa318f816e82fa3a047d61e4f79dd1b1765e89d
- SHA256
  
  f0520738f5b3e513d729ec8034c934ab84b803b5fb8c06cf328f279b42e89fa0
- SHA512
  
  071bd1762a28d3a182c588fff09754c9f0bc23fb4cc7d4b8b5b378380161d835d6990ae03281d544a3aab87ed8ed201e4cb88a720275a8fe1427b34b49e6d854
- SSDEEP
  
  12288:EE+7B92iNmUaevf9nf5fsuqy1ngZ6NfHJld0XTmT:5qz1xvjfdqyPP6X6T
Score

10^/10

formbook de08 evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookde08evasionratspywarestealertrojan

behavioral2

formbookde08evasionratspywarestealertrojan

© 2018-2024

Terms | Privacy