formbook | 87a097b21885bcece19b57b7110065316acd4082a3bbaa0930e4b74d9546ef5d | Triage

Submit
Reports

Overview

overview

Static

static

Shipping ...v.xlsx

windows7-x64

Resubmissions

14-09-2022 03:42

220914-d9hbqadabk 10

14-09-2022 03:35

220914-d5qsashbh2 7

14-09-2022 03:06

220914-dlxrhahbe5 4

Sharing

General

Target

Shipping Documents&Inv.xlsx
Size

100KB
Sample

220914-d9hbqadabk
MD5

1da456f925ab2886a211a11c5aa7bf7e
SHA1

f501d932f368fe6c481775303411526d15ded79d
SHA256

87a097b21885bcece19b57b7110065316acd4082a3bbaa0930e4b74d9546ef5d
SHA512

e177225a27c04c6736159ef050efbe62bf51163b2e3318cb632472d2393e71190277cd5cae8681fc0a34d63bd66f981d665e0abb385b04c99547a59d66434816
SSDEEP

1536:eN2BfocsYqKZ5onDxU9k3Gfh0SZTaJF1U3UsYJrdMBGfXk0nrY2sd8VH8N34S31r:ecBfocszKKMdiKa2E/rFfXNsd8VdSlr

Score

10^/10

formbook cy35 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Shipping Documents&Inv.xlsx

Resource

win7-20220812-en

formbook cy35 rat spyware stealer trojan

windows7-x64

26 signatures

1200 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy35

Decoy

anfomakina.com

samruddhabhartfoundation.info

luxgems.store

tencstudios.com

prosperitycpr.life

fauxroofingproducts.com

adjoinsquirm.sbs

zjdingfeng.net

ellaboratorio.xyz

cobalt.church

dqjintuo.com

radiocontinu.com

sdelajtort.store

wypr.xyz

invisiblegoliath.com

keywordbranding.com

blackopsconcrete.online

17wow.life

fontaneriajccaballero.com

huseyinyarici.xyz

flashworld.media

hollywood-collection.net

longterm034rooms5w6d6d7n5c3.top

panoramicadecoracoes.site

themixedwrestlinggroup.com

tiantian725.top

crossroadscctn.com

vacas.top

pondsbybee.site

80645.uk

fotomodelrambut.com

acorszx.com

bnbshop.co.uk

5559win.com

qokkdrtyjkltg5331.xyz

alwayskissablelips.com

dyshusongji.com

alphatangogifts.co.uk

gearonix.com

dogesmartchain.com

sentinel-direct.com

atomicstudios.co.uk

africalovespells.com

lineade4.com

oceanarita.quest

barrowbuddies.com

263235.sbs

wicksbuys.xyz

iopangydesign.xyz

tecsmix.com

hasctraining.com

huihuajx.com

jamgrow.online

amethystfaire.com

ontopsmp.co.uk

keysforvets.com

leadershipstagelaw.com

funsex.online

sportnft.online

hhhtcrlw.com

prestador.pro

sisustuspuu.info

absacxss.com

chanluuwrapbracelet.com

bamboosanibel.com

Targets

- Target
  
  Shipping Documents&Inv.xlsx
- Size
  
  100KB
- MD5
  
  1da456f925ab2886a211a11c5aa7bf7e
- SHA1
  
  f501d932f368fe6c481775303411526d15ded79d
- SHA256
  
  87a097b21885bcece19b57b7110065316acd4082a3bbaa0930e4b74d9546ef5d
- SHA512
  
  e177225a27c04c6736159ef050efbe62bf51163b2e3318cb632472d2393e71190277cd5cae8681fc0a34d63bd66f981d665e0abb385b04c99547a59d66434816
- SSDEEP
  
  1536:eN2BfocsYqKZ5onDxU9k3Gfh0SZTaJF1U3UsYJrdMBGfXk0nrY2sd8VH8N34S31r:ecBfocszKKMdiKa2E/rFfXNsd8VdSlr
Score

10^/10

formbook cy35 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcy35ratspywarestealertrojan

© 2018-2025

Terms | Privacy