formbook | d50b5e68cc51789ccf9d892f92fd82ca4340f3603882c9fa24ea965d9e839a80 | Triage

Submit
Reports

Overview

overview

Static

static

Urgent quo...f-.exe

windows7-x64

Urgent quo...f-.exe

windows10-2004-x64

Sharing

General

Target

Urgent quote request -pdf-.bin
Size

636KB
Sample

221128-m4qwcadd8z
MD5

b8315ffe6f3194b9b8b8188696524867
SHA1

bb037856bb04518f5b1948efffbfbe31646af3ef
SHA256

d50b5e68cc51789ccf9d892f92fd82ca4340f3603882c9fa24ea965d9e839a80
SHA512

874a181dd92fcc9968f88b9a9e6a0e38473f85c4fd4ea84029bc0ed8e2717a957bc6a244b5222c8a7f8716bb85a774dee04c64f73802f9bfbe8c7b421a3ecb02
SSDEEP

12288:8pcJpbKbfuLb58ZGYxiudpN0nC3Lf91I64HyfOWyoc+h2j2AKm+:8ajbKCLb58ZGIRb7f9m8g5

Score

10^/10

formbook a24e rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Urgent quote request -pdf-.exe

Resource

win7-20220812-en

formbook a24e rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Urgent quote request -pdf-.exe

Resource

win10v2004-20220812-en

formbook a24e rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

auroraalerts.uk

dunaphotography.com

netspirit.africa

alborhaneye.com

dwentalplans.com

95878.se

family-doctor-49371.com

grafonord.se

avimpactfit.com

growthlabus.com

kidney-life.com

delightfulappearance.com

valleymistst.co.uk

getasalaryraise.com

hongqiqu.vip

arkadiumstore.com

gaskansaja.click

getv3apparel.com

3888my.com

flaginyard.com

applehci.com

politouniversity.com

health-23.com

asciana.com

estheticdoctorturkey.com

bkes-2023.info

6bitly.com

abopappas.online

faridfabrics.com

td0.online

seosquid.co.uk

0731ye.net

alliotcloud.top

gxin-cn.com

96yz857.xyz

tekniik.co.uk

histarfamily.com

industrailglasstech.com

ioqpht6c.store

dacodig.com

emaliaolkusz1907.com

hjd533.com

dentalblueprints.com

amberdrichardson.com

balloonbanarasdecorator.com

Targets

- Target
  
  Urgent quote request -pdf-.bin
- Size
  
  636KB
- MD5
  
  b8315ffe6f3194b9b8b8188696524867
- SHA1
  
  bb037856bb04518f5b1948efffbfbe31646af3ef
- SHA256
  
  d50b5e68cc51789ccf9d892f92fd82ca4340f3603882c9fa24ea965d9e839a80
- SHA512
  
  874a181dd92fcc9968f88b9a9e6a0e38473f85c4fd4ea84029bc0ed8e2717a957bc6a244b5222c8a7f8716bb85a774dee04c64f73802f9bfbe8c7b421a3ecb02
- SSDEEP
  
  12288:8pcJpbKbfuLb58ZGYxiudpN0nC3Lf91I64HyfOWyoc+h2j2AKm+:8ajbKCLb58ZGIRb7f9m8g5
Score

10^/10

formbook a24e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooka24eratspywarestealertrojan

behavioral2

formbooka24eratspywarestealertrojan

© 2018-2024

Terms | Privacy