formbook | 392d84c160a17dd93a78b8549f5298d43d1f2ead6d236a1780bc290cc864e615 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

formbook5.exe

windows7-x64

formbook5.exe

windows10-2004-x64

Resubmissions

25/10/2022, 14:04

221025-rdmhfschd5 10

25/10/2022, 13:32

221025-qs4jvachar 10

Sharing

General

Target

formbook5.zip
Size

589KB
Sample

221025-qs4jvachar
MD5

4b118775084acfc30f6a39c7abe43e63
SHA1

91162b489936d424978cf74b555fff5ac6acb1c4
SHA256

392d84c160a17dd93a78b8549f5298d43d1f2ead6d236a1780bc290cc864e615
SHA512

c9139310c2067f14825647e1c708cf51fe0f373f149873ef162a7348978665dc6d61579b40d706d2987619d1ea7e34554d40344741a354653d2b8c69454e3105
SSDEEP

12288:WK5B2RjIGHF8tvs26RXTfpbegRznZ7eLtieStN5R0qRCsOi9Arr3:WK2tl8tvs26RgSznZq0e8N5RL0i9Arr3

Score

10^/10

formbook gs25 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

formbook5.exe

Resource

win7-20220901-en

formbook gs25 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

formbook5.exe

Resource

win10v2004-20220812-en

formbook gs25 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com

ofiarx.com

militaryees.com

moshrifmontagebau.com

usesportcompany.com

savagesocietyclothing.com

wethedreamrs.com

allhealthzdorovoiscilenie.sbs

legacycrossingbroker.com

dompietro.com

hallconciergerie.com

xn--289a95vn5cmx6a.com

siervostinting.com

windesk.info

braxton.construction

scarefullym.shop

organicyummyvegan.com

maniza.shop

moviesmod.one

wenmingsm.com

techgist.tech

infodescansovital.click

adsfuture.shop

54844.site

opensea.creditcard

yassinshield.com

daubacthanhdeneasy.online

governmentmarketstrategies.com

socioeconomical.pics

blackmail.guide

tdrevolution.net

mega-pornx.info

favrity.com

cuocsongtot2022.site

touchlyfe.com

track-usps.info

kitchentimeremodeling.com

jettylearn.com

hookguy.buzz

cojo.world

negocio-naweb.store

kern3361ren1.site

smithbryan.website

jlxseat.top

rocksology.net

crownglassware.info

Targets

- Target
  
  formbook5.exe
- Size
  
  718KB
- MD5
  
  39cffb366d87292f4b5efecf69c32774
- SHA1
  
  104fe2e617556e97af1a6f5082bba003a8e9ff3d
- SHA256
  
  37e9f15077e6491eade2a03b73b9f48b0037c6995a5fbecdae7a942710d1dde1
- SHA512
  
  d508a86dc49fc5737904b23ceab055329ebf47dc77b119297a8d1fb6c1f17217a24ec0a714787e8dcda215381549a04d77d8212f0fd83ddcf1de545453d4078f
- SSDEEP
  
  12288:3hUWMtLdsIJ4Il6RXTTpbe0RRnT7QLtAeSfN5r5pHM2as8i9Rr5o7We:xhMtBsy6R82RnTEmewN5rr8i98
Score

10^/10

formbook gs25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgs25ratspywarestealertrojan

behavioral2

formbookgs25ratspywarestealertrojan

© 2018-2025

Terms | Privacy