formbook | 90c6128ca426717f3aab904fda4124ae91a1aad1a670b0f5b8a2b210a19d721d | Triage

Submit
Reports

Overview

overview

Static

static

Request Fo...on.exe

windows7-x64

Request Fo...on.exe

windows10-2004-x64

Sharing

General

Target

Request For Quotation.exe
Size

1018KB
Sample

221127-p7g4qahf63
MD5

0f4745cd79581770c068c19a5c94662f
SHA1

cded3cd2bf67d20c0e769eb040a1cdcf224f7716
SHA256

90c6128ca426717f3aab904fda4124ae91a1aad1a670b0f5b8a2b210a19d721d
SHA512

50a57a7cb941f5161fc6c137e746b40b6fd7fda30bdefd9f640c7ad1a724fcac2c1bdd97aa349457e3100f4933a1c4d63e6f1d0d570c4d7a41b26b293a887f6b
SSDEEP

24576:BOcUaLBDPLqmRm29EJxeRuaJOuy3yD+L74mBfNUstzo:BOcUUPLFY29HBJON3

Score

10^/10

formbook oi05 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation.exe

Resource

win7-20220901-en

formbook oi05 rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation.exe

Resource

win10v2004-20220901-en

formbook oi05 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi05

Decoy

fluidavail.online

blchain.tech

kyocera.website

sangmine.xyz

thepolicyjacket.info

ssvhelpman.net

y-t-design.com

eminentabroad.com

codingcamp.store

bester.capital

tanjiya23.site

bheniamyn.dev

top5monitor.com

bit-prim.trade

airstreamsocialclub.com

darkwarspod.com

zazisalesdistribution.com

vivolentlo.online

daftburo.net

elemangelsin.xyz

chasewildfire.buzz

olioubnajo.buzz

agoura.dental

ky4352.com

finechoice.mobi

studioarchadroit.com

5009townesouth.com

tik454register.xyz

divaresesaat.xyz

projektwrestling.com

krystalclearmemories.net

vinaychhaparia.com

sodexosupplychain.info

uudai.store

demontya.site

cloudydad.cloud

mewzom.online

20010906.xyz

epuken.link

saludaldia.tech

generto.com

mbenzmotorsport.com

voidssl.life

elbetolacakbirgece10.com

cdncleaningservices.com

kuzs248.top

verus.website

wisefocus.net

xn--nergie-de-gaia-9jb.com

wowsportsbet.com

vhkopiu.top

shopify-postmaster15.info

lysiimmobilier.site

princess.express

betebrands.com

6tldsuoacvrlwc1g4i.top

labucarimini.net

hogushinotakumi.com

turnhappy.shop

geenpaii.xyz

pyrrhadev.xyz

minhasaudeelevada.com

oblk.pics

recursosdijitales.com

vivencie.shop

Targets

- Target
  
  Request For Quotation.exe
- Size
  
  1018KB
- MD5
  
  0f4745cd79581770c068c19a5c94662f
- SHA1
  
  cded3cd2bf67d20c0e769eb040a1cdcf224f7716
- SHA256
  
  90c6128ca426717f3aab904fda4124ae91a1aad1a670b0f5b8a2b210a19d721d
- SHA512
  
  50a57a7cb941f5161fc6c137e746b40b6fd7fda30bdefd9f640c7ad1a724fcac2c1bdd97aa349457e3100f4933a1c4d63e6f1d0d570c4d7a41b26b293a887f6b
- SSDEEP
  
  24576:BOcUaLBDPLqmRm29EJxeRuaJOuy3yD+L74mBfNUstzo:BOcUUPLFY29HBJON3
Score

10^/10

formbook oi05 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookoi05ratspywarestealertrojan

behavioral2

formbookoi05ratspywarestealertrojan

© 2018-2024

Terms | Privacy