formbook | 1412033c8719978d6d3aff11c06cb47b63dcab5fc30c05399ff28aea15393485 | Triage

Submit
Reports

Overview

overview

Static

static

СПЕШН...А.exe

windows7-x64

СПЕШН...А.exe

windows10-2004-x64

Sharing

General

Target

virus.zip
Size

570KB
Sample

221202-phjagsff64
MD5

ec0d7a2da98af13daf5daa06aaca240a
SHA1

391cb11e5421a8d1a8c50d81bb7e00da3b216e14
SHA256

1412033c8719978d6d3aff11c06cb47b63dcab5fc30c05399ff28aea15393485
SHA512

48f6a7031ac6cfce8878a6115f56c097d15489cd87b87cdc48e5d6feeae9f5d62a8d6ff9c48691eac8a84e7d091b9c599b9cd81f5cfe6da0c96b74938d83f174
SSDEEP

12288:/jtpQGkiF1Jl1lww5Zgl+GAKd+SEMtgkxSn/azLGswerVG2ZsJN0RXoV7:7tRZF1lel+GH+S2yS+LZEq4OoV7

Score

10^/10

formbook d0a7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

СПЕШНА ПОРЪЧКА ЗА ПОКУПКА.exe

Resource

win7-20220901-en

formbook d0a7 rat spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

СПЕШНА ПОРЪЧКА ЗА ПОКУПКА.exe

Resource

win10v2004-20221111-en

formbook d0a7 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d0a7

Decoy

ngpjqd.top

provider1.net

themetaverseloyalties.com

tylpp.com

pmjewels.com

87napxxgz8x86a.com

djolobal.com

fmbmaiamelo.com

naijabam.online

networkingbits.com

beesweet.live

sexarab.homes

promptcompete.com

midsouthradio.com

23mk.top

bnhkit.xyz

2ozp56.bond

vehiclesgroups.com

healthycommunitynow.com

cwzmesr.com

qpeqlqb.com

parallelsoundsstudio.com

legacy-lc.com

isedeonline.com

baudtown.com

characting.space

noironclothes.com

pisell.one

comnewcocoffee.com

bitvtag.live

hotelblunt.com

chryslercapitla.com

designrate.art

niacopeland.com

royaltyweb3.com

openai-good.com

mom.rent

brapix.app

pikkwik.com

omilive.com

whdmjse.com

belifprint.com

ncsex6.xyz

vrf70r.online

jbway.com

avtokozmetika.website

info-klar.com

zbk53.com

comfydays.shop

ismagency.biz

shm01.com

horzeplay.com

luxacumen.com

drpathcares.com

steamfulfillmentllc.com

board-evaluations.com

gecreditu.info

aquastarla.net

yjdfw.net

dhjzfs.com

theminco.biz

honeynoel.com

rzkbol.com

anastsy4.tech

botani-yodo1.xyz

Targets

- Target
  
  СПЕШНА ПОРЪЧКА ЗА ПОКУПКА.exe
- Size
  
  722KB
- MD5
  
  0aee1077971fda9cedfc570be5e2c822
- SHA1
  
  21092ac3f3146688e8bf9b7613c8293b74824970
- SHA256
  
  97bfd8737b330f409b85e67a43a20edcdc497a63ec9d663692aa8d11e323caf1
- SHA512
  
  72eb237eb96309d537c70008bbf6fa592e805f6111561ea3370799d14ec61f88743359cd2f614f2ac314d3b625cfe2f32b5119a293dec974783a188f5672265a
- SSDEEP
  
  12288:kLpeGieN1J53lWwlZ4r+cKkdm2oOJKk1wnjaXBnM33302IgFJN0V3foYcjZnbCkI:6PvN1Nyr+cHm2AMwOBnG30YCoBjZnbCx
Score

10^/10

formbook d0a7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookd0a7ratspywarestealertrojan

behavioral2

formbookd0a7ratspywarestealertrojan

© 2018-2024

Terms | Privacy