formbook | 9c299ded0d032383e9335646319295fe1d1e9c6c0165d784a4d00772de1dbcea | Triage

Submit
Reports

Overview

overview

Static

static

REVISED OR...ER.exe

windows7-x64

REVISED OR...ER.exe

windows10-2004-x64

Sharing

General

Target

REVISED ORDER FOR DECEMBER.lzh
Size

443KB
Sample

221130-l4jllaaf55
MD5

c8f6dc207e64282e9f114f881fef1779
SHA1

dd6a42fee900c1a192b0fbf85c82651d90550f8e
SHA256

9c299ded0d032383e9335646319295fe1d1e9c6c0165d784a4d00772de1dbcea
SHA512

1c823319cdb5c4183bc8fa4626fbf3d8425b7611cffc6eb316864f47c291542bd5541ec1dfbb6e76389259766f7b218c4d87cf088360c90da5160ad77420b73e
SSDEEP

12288:k2MjPiQURz4WGylJYnn5L5J7wBVKVFAxlbnnT7pn:5MjqRPly56BVKYPbnR

Score

10^/10

formbook f9r5 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

REVISED ORDER FOR DECEMBER.exe

Resource

win7-20220812-en

formbook f9r5 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

REVISED ORDER FOR DECEMBER.exe

Resource

win10v2004-20220812-en

formbook f9r5 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

iseemerit.world

airhbb.com

haveyourshare.com

qcstcsz.com

attorneykarinaramirez.com

patriziabartelle.com

dcc.coop

hdzz.top

treesandstarsoracle.com

rebarunikont.com

achivego.site

baipiao100.com

menslibwrty.com

insulationtraining.online

horseflix.club

suxyqyu.xyz

sqoki.com

ffbsjhvbsjhbvsajv.xyz

beapest.cfd

4892166.com

dvdmediastar.com

hotwomensearching4u.site

cupompetlover.com

terrapretasales.com

joinsequene.com

powerkitap.com

jonjene.com

wqcwgl.com

utahexotics.com

ballerboutique.com

cftronline.com

gettidaladvance.site

anagladstonedesign.com

bunsi-figura.store

ttvip-13.net

cmjysx-uqps.website

ifealafia.com

carlospainter.com

elitetrio.xyz

inggridangelia.com

leporebaq.com

youpinhang.com

palm3d.net

wo567567.com

shinecleaningasheville.com

Targets

- Target
  
  REVISED ORDER FOR DECEMBER.exe
- Size
  
  573KB
- MD5
  
  0e27fab3f710b0b524091aba6ed455c7
- SHA1
  
  2b6aca7bc31a565f0cb1e00d9daab463b570f269
- SHA256
  
  40f511e420e73d2cb620d782e9ed31dbd1dabe4103b31e025a4158d39a209a5e
- SHA512
  
  d795b666ec53c9ed058c8fa77dac06e6e77f9d4871dfea8d59ebe49653b9b0620d292677482a88e81b276893948780db6ecc7b7e67ebb1c2a1995fc16876ba2a
- SSDEEP
  
  6144:/+qpqSmgUZtFUaJqMJ3iwyoqAnrHxC4AbUkO0dDW8P4SATkU6Uk5dWXwzlf7Tvm:GqgSmdzUZAUndDWE4pkFv5DzA
Score

10^/10

formbook f9r5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf9r5ratspywarestealertrojan

behavioral2

formbookf9r5ratspywarestealertrojan

© 2018-2024

Terms | Privacy