formbook | 5ab8f32d7ca605e9a8dac9336056c16a557eef273998ca1ec70e1ccc6eb80319 | Triage

Submit
Reports

Overview

overview

Static

static

19f731a9fd...17.exe

windows7-x64

19f731a9fd...17.exe

windows10-2004-x64

Sharing

General

Target

8457487383.zip
Size

517KB
Sample

221125-vcem1aef9t
MD5

4706e5d52808531f281be7e9f8cc580c
SHA1

fa590fd1f42d25ad6abd67e4f89fead95d9f437e
SHA256

5ab8f32d7ca605e9a8dac9336056c16a557eef273998ca1ec70e1ccc6eb80319
SHA512

848c3d66a62a1773d2660fec506dc1f621032f3d1e5c68e06ff2d0fbd6c8fb6b358e2567e366878ef4eb7f69312cd0f66f3f2804ae151b28882db131cb707423
SSDEEP

12288:0uPRvf1xqnWIg4UJaN019F6AeLqLdN0xeccvDZdx:XJvTm7g4UJl7F6zilNP

Score

10^/10

formbook d0a7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

19f731a9fd9077633063590007ede514549eab529ea3b4d0c4f67c3efd861417.exe

Resource

win7-20221111-en

formbook d0a7 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

19f731a9fd9077633063590007ede514549eab529ea3b4d0c4f67c3efd861417.exe

Resource

win10v2004-20220812-en

formbook d0a7 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d0a7

Decoy

ngpjqd.top

provider1.net

themetaverseloyalties.com

tylpp.com

pmjewels.com

87napxxgz8x86a.com

djolobal.com

fmbmaiamelo.com

naijabam.online

networkingbits.com

beesweet.live

sexarab.homes

promptcompete.com

midsouthradio.com

23mk.top

bnhkit.xyz

2ozp56.bond

vehiclesgroups.com

healthycommunitynow.com

cwzmesr.com

qpeqlqb.com

parallelsoundsstudio.com

legacy-lc.com

isedeonline.com

baudtown.com

characting.space

noironclothes.com

pisell.one

comnewcocoffee.com

bitvtag.live

hotelblunt.com

chryslercapitla.com

designrate.art

niacopeland.com

royaltyweb3.com

openai-good.com

mom.rent

brapix.app

pikkwik.com

omilive.com

whdmjse.com

belifprint.com

ncsex6.xyz

vrf70r.online

jbway.com

avtokozmetika.website

info-klar.com

zbk53.com

comfydays.shop

ismagency.biz

shm01.com

horzeplay.com

luxacumen.com

drpathcares.com

steamfulfillmentllc.com

board-evaluations.com

gecreditu.info

aquastarla.net

yjdfw.net

dhjzfs.com

theminco.biz

honeynoel.com

rzkbol.com

anastsy4.tech

botani-yodo1.xyz

Targets

- Target
  
  19f731a9fd9077633063590007ede514549eab529ea3b4d0c4f67c3efd861417
- Size
  
  696KB
- MD5
  
  0a3090e1388dd1d864c61ce2da00e9ad
- SHA1
  
  0d5c2bc5f9dee93582c0f44284b7de83d2fb7724
- SHA256
  
  19f731a9fd9077633063590007ede514549eab529ea3b4d0c4f67c3efd861417
- SHA512
  
  0711a80fd227cff79ea5cdf783c7c2f6a18ac15d7d326a058724d247ef2ff9bd9fb72d2bc1174acb6e1f9f58093baec0b00b0602ade4d792de77e5e362fca023
- SSDEEP
  
  12288:H/Hvgh/PsZ1DX/VDJGBtNvY3jvhnAXO8kL/BRVSIXt1yffSyB30:Hfvgh/P9Z+jpnQOD/TzPWfSyy
Score

10^/10

formbook d0a7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd0a7ratspywarestealertrojan

behavioral2

formbookd0a7ratspywarestealertrojan

© 2018-2024

Terms | Privacy