formbook | b1a04015ced59584115a625dd19ee394005f911b108864b0bd834163d9c35181 | Triage

Submit
Reports

Overview

overview

Static

static

NUEVA ORDE...RA.exe

windows7-x64

NUEVA ORDE...RA.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NUEVA ORDEN DE COMPRA.exe
Size

1.0MB
Sample

221101-cda24agadl
MD5

491066406db17e15ba0856060cad6f53
SHA1

3a2951a74e6becf5d6ce1532542013e56509bb60
SHA256

b1a04015ced59584115a625dd19ee394005f911b108864b0bd834163d9c35181
SHA512

7c3a30eb1d7c0d2dcb188d089fd6325506820e804a6babab5b4723153fd50496cd78022e98ff1d513cd52c57ed561e9d88330462fd9aa60cfaca172912f2a15c
SSDEEP

12288:U+5owG3Z6UiGwas1dxk8ibzwhuJ3zps7FtdfmgHSvyUQ/v2FC/U/X0Mnw2gvJZ:U8Gw7dxkwuJNs7Zfm0SK9HH/U/0rvT

Score

10^/10

formbook de19 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win7-20220812-en

formbook de19 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win10v2004-20220812-en

formbook de19 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de19

Decoy

predictivemedicine.life

coloringforthepeople.com

project154.com

usmmexchange.com

bootzxon.com

chaoge730.com

thenaci.com

moviestarplent.com

musicallyengaged.com

sneakerspark.net

yudist.com

apqrcx.xyz

traceless.tel

guardlanavionics.com

usadogrights.com

openei.club

aventusluxury.com

telewebin.com

godrej-threeparks.net

solbysol.com

tarahomesolutions.com

riaairlines.com

berrygooddesigns.com

assistance-bouygues-telecom.com

s4hbgroupds.com

lago-vista-ata-martial-arts.com

icishopping.com

itkonsult.online

knightsbridgecdd.com

wrightstowntigers.com

gzxsb.com

teenanxiety.co

shanepisko.com

fftblogs.com

br-cleaning.plus

miami1688.cool

necomw.com

americanfreightsystemsinc.com

veirdmusic.com

brandnicer.com

ones77motiving.com

stephensthebakers.com

thaicomfortfood.com

mooreandsonsak.net

19838888.com

hay-yusspd-osaka-japan.life

junaidsubhani.tech

cadengineer.co.uk

camaratechsevilla.com

scholarsinfoguide.com

listcord.net

bossyoushu.com

robertkslaughter.xyz

locallywhitstable.co.uk

rsbtileinc.com

eviexo.com

lung-cancer-treatment-43816.com

lizandpeter.com

iberiahomes.institute

buyeber.net

hanarsedivy.com

fielsp.online

kuav7.com

1classlawncare.com

lanyuelou.com

Targets

- Target
  
  NUEVA ORDEN DE COMPRA.exe
- Size
  
  1.0MB
- MD5
  
  491066406db17e15ba0856060cad6f53
- SHA1
  
  3a2951a74e6becf5d6ce1532542013e56509bb60
- SHA256
  
  b1a04015ced59584115a625dd19ee394005f911b108864b0bd834163d9c35181
- SHA512
  
  7c3a30eb1d7c0d2dcb188d089fd6325506820e804a6babab5b4723153fd50496cd78022e98ff1d513cd52c57ed561e9d88330462fd9aa60cfaca172912f2a15c
- SSDEEP
  
  12288:U+5owG3Z6UiGwas1dxk8ibzwhuJ3zps7FtdfmgHSvyUQ/v2FC/U/X0Mnw2gvJZ:U8Gw7dxkwuJNs7Zfm0SK9HH/U/0rvT
Score

10^/10

formbook de19 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookde19ratspywarestealertrojan

behavioral2

formbookde19ratspywarestealertrojan

© 2018-2025

Terms | Privacy