formbook | 96df49e0deef67a2fc032cf1018662606bdef066655c1f31f135ccf8e68bace5 | Triage

Submit
Reports

Overview

overview

Static

static

tmpbdojnprv.exe

windows7-x64

tmpbdojnprv.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

tmpbdojnprv
Size

1.1MB
Sample

220908-lq2j9aebf7
MD5

d9c1894f13bb313d6777822843829dee
SHA1

ae0d2dcb7f536c304c2f1a7ecef450bd91c382ec
SHA256

96df49e0deef67a2fc032cf1018662606bdef066655c1f31f135ccf8e68bace5
SHA512

3585c56f9b27dbeec0c81e46f3d2b205cda05c2f64ebc9765a035d444fbc8d9b8e2441b36a0ef83001258ba5f53c20c847327210478f25c496703b9508c10adc
SSDEEP

24576:hv85UkZhzAzhWJA8L5rRj1FnKT/TA58hgsxjsHiO9zEtgfUaye15DJ4SFIL1Py:tzTA58hgKOi0zgjy5DKPy

Score

10^/10

formbook lsg6 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmpbdojnprv.exe

Resource

win7-20220901-en

formbook lsg6 rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmpbdojnprv.exe

Resource

win10v2004-20220812-en

formbook lsg6 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lsg6

Decoy

krishisudi.com

titantechsol.com

yourdeliveryteam.com

lovedecorstore.com

brtetsan.net

captainas007.com

porschegasolinesettlemetusa.com

oilspotgone.com

fclcollegelaw.xyz

cottastt.pro

xn--vb0b54ro0ioxlcrc6p.com

daidogei-point.com

theavalonsaysmoo.com

adhasahar.cloud

lovetivation.com

hipsandcures.com

writingaboutrealestate.com

atharvatrips.com

stair-lift-48402.com

thetrusttimes.com

sjzfuxin.com

comolatruchaltrucho.online

nj8c.com

mediaguruhub.com

22bet-poland.com

dcbeventzanddecor.com

ilmaime.com

2gon.net

comadvantageeducationloan.com

joommalls.com

normtesisat.com

nisrinaidak.com

cyclictoken.com

jiututa.com

jaramillofamily.com

relabywc.com

alphaskyfa.com

ovqiiv.xyz

pangrid.xyz

rightwingvideographer.net

tecolbd.com

irrigationdetoxgeneve.com

cpp-hse.net

goodforyour.pet

buddhisttoursindia.com

xn--w8qv7ju1wq61b.com

liverichnotbroke.net

easinvestment.com

prezente.online

vclaknrtseg.xyz

vanguardmarineservices.com

alianzaprosperar.com

spiritualawakeningcomedy.com

thekeyproduction.com

magicbookalerts.com

tic-santarosadecabal.info

bluecarbonbiotics.com

coastaladvisors.xyz

baratticomgm.com

meforce.online

highschoolfilms.com

uniformeymateralesmedicos.com

horseshowbiz.com

if-you-leave.com

colwellweddings.com

Targets

- Target
  
  tmpbdojnprv
- Size
  
  1.1MB
- MD5
  
  d9c1894f13bb313d6777822843829dee
- SHA1
  
  ae0d2dcb7f536c304c2f1a7ecef450bd91c382ec
- SHA256
  
  96df49e0deef67a2fc032cf1018662606bdef066655c1f31f135ccf8e68bace5
- SHA512
  
  3585c56f9b27dbeec0c81e46f3d2b205cda05c2f64ebc9765a035d444fbc8d9b8e2441b36a0ef83001258ba5f53c20c847327210478f25c496703b9508c10adc
- SSDEEP
  
  24576:hv85UkZhzAzhWJA8L5rRj1FnKT/TA58hgsxjsHiO9zEtgfUaye15DJ4SFIL1Py:tzTA58hgKOi0zgjy5DKPy
Score

10^/10

formbook lsg6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooklsg6ratspywarestealertrojan

behavioral2

formbooklsg6ratspywarestealertrojan

© 2018-2025

Terms | Privacy