formbook | 4cc054aa198d7a03895dd7ec5296eb354849a55c0e401ad5e8b67f070f6d0b5f | Triage

Submit
Reports

Overview

overview

Static

static

Urgent quo...f-.exe

windows7-x64

Urgent quo...f-.exe

windows10-2004-x64

Sharing

General

Target

UrgentXquoteXrequestX-pdf-.ace
Size

604KB
Sample

221128-kg2yzsed3w
MD5

8a52e8b2a069c307b3c1ede9c2c0ca66
SHA1

43e3e6f25db9996cd4f1d28eec5f46f1037f171f
SHA256

4cc054aa198d7a03895dd7ec5296eb354849a55c0e401ad5e8b67f070f6d0b5f
SHA512

3c3a0b85069700eb654b7adc230c2e8e727ba6508d137931f4412fcc2fca153840e71d40fc7dac8ac231c83fbb26544e0dc17c2279cbbc1d8e5ed9da93750034
SSDEEP

12288:OnqDZ9mGufrHKLlFZmLnjHej0W5+/VAqKtJMxBSMbneFHAG6z:LyFfrHKZFZAqj0u+b0JMxBSMbEHAG6z

Score

10^/10

formbook a24e rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Urgent quote request -pdf-.exe

Resource

win7-20221111-en

formbook a24e rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Urgent quote request -pdf-.exe

Resource

win10v2004-20220812-en

formbook a24e rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

auroraalerts.uk

dunaphotography.com

netspirit.africa

alborhaneye.com

dwentalplans.com

95878.se

family-doctor-49371.com

grafonord.se

avimpactfit.com

growthlabus.com

kidney-life.com

delightfulappearance.com

valleymistst.co.uk

getasalaryraise.com

hongqiqu.vip

arkadiumstore.com

gaskansaja.click

getv3apparel.com

3888my.com

flaginyard.com

applehci.com

politouniversity.com

health-23.com

asciana.com

estheticdoctorturkey.com

bkes-2023.info

6bitly.com

abopappas.online

faridfabrics.com

td0.online

seosquid.co.uk

0731ye.net

alliotcloud.top

gxin-cn.com

96yz857.xyz

tekniik.co.uk

histarfamily.com

industrailglasstech.com

ioqpht6c.store

dacodig.com

emaliaolkusz1907.com

hjd533.com

dentalblueprints.com

amberdrichardson.com

balloonbanarasdecorator.com

Targets

- Target
  
  Urgent quote request -pdf-.exe
- Size
  
  812KB
- MD5
  
  ce411b2f7dfd407c1a546e160193b55d
- SHA1
  
  c061262cf1a7999d7ee59694dd0c8bb570987e02
- SHA256
  
  8cfdcbcbb0b67c66ebb1c3a4cfb995424a9dc791c13d8df53cea06bcd8c2afef
- SHA512
  
  af96c79b2af92840691a777a72e650c0763f0bc20ecd8d1970ac97cdd5048768fbe413dbd7d673f03f53bcace92d517eeb17b9a791c4c29fa4463b6a8c9c51ba
- SSDEEP
  
  12288:h2D2DHPXsU51ZM0W52nCrgxRzrzbH3sgGJy3i9zxihIg95lvTHRyoY:Q2DPugfrzbHcFJwIohIgvpjRpY
Score

10^/10

formbook a24e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooka24eratspywarestealertrojan

behavioral2

formbooka24eratspywarestealertrojan

© 2018-2024

Terms | Privacy