formbook | 5b284ea7d120dd963c6dd264ec57782d8593867b9fdc2b849d0730defdc22deb | Triage

Submit
Reports

Overview

overview

Static

static

REVISED_.exe

windows7-x64

REVISED_.exe

windows10-2004-x64

Sharing

General

Target

5B284EA7D120DD963C6DD264EC57782D8593867B9FDC2B849D0730DEFDC22DEB
Size

1.2MB
Sample

221208-yfezqabb98
MD5

df4ae3c329a4657f086d3fbdba04fdda
SHA1

51b567ebb0befcb1f517c5b7d8c16cc0bbc57746
SHA256

5b284ea7d120dd963c6dd264ec57782d8593867b9fdc2b849d0730defdc22deb
SHA512

d602d7085a0d474144c4b9fb2e97f51b9efb5b49567950f71161ba15be055d45a81514f0d7db34345c27ba81adcd3e68ab6f84268f74ed0dbb2c47a501aa712a
SSDEEP

6144:k+qpqSmgUZtFUaJqMJ3iwyoqAnrHxC4AbUkO0dDW8P4SATkU6Uk5dWXwzlf7Tvm:jqgSmdzUZAUndDWE4pkFv5DzA

Score

10^/10

formbook f9r5 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

REVISED_.exe

Resource

win7-20220812-en

formbook f9r5 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

REVISED_.exe

Resource

win10v2004-20220812-en

formbook f9r5 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

iseemerit.world

airhbb.com

haveyourshare.com

qcstcsz.com

attorneykarinaramirez.com

patriziabartelle.com

dcc.coop

hdzz.top

treesandstarsoracle.com

rebarunikont.com

achivego.site

baipiao100.com

menslibwrty.com

insulationtraining.online

horseflix.club

suxyqyu.xyz

sqoki.com

ffbsjhvbsjhbvsajv.xyz

beapest.cfd

4892166.com

dvdmediastar.com

hotwomensearching4u.site

cupompetlover.com

terrapretasales.com

joinsequene.com

powerkitap.com

jonjene.com

wqcwgl.com

utahexotics.com

ballerboutique.com

cftronline.com

gettidaladvance.site

anagladstonedesign.com

bunsi-figura.store

ttvip-13.net

cmjysx-uqps.website

ifealafia.com

carlospainter.com

elitetrio.xyz

inggridangelia.com

leporebaq.com

youpinhang.com

palm3d.net

wo567567.com

shinecleaningasheville.com

Targets

- Target
  
  REVISED_.EXE
- Size
  
  573KB
- MD5
  
  0e27fab3f710b0b524091aba6ed455c7
- SHA1
  
  2b6aca7bc31a565f0cb1e00d9daab463b570f269
- SHA256
  
  40f511e420e73d2cb620d782e9ed31dbd1dabe4103b31e025a4158d39a209a5e
- SHA512
  
  d795b666ec53c9ed058c8fa77dac06e6e77f9d4871dfea8d59ebe49653b9b0620d292677482a88e81b276893948780db6ecc7b7e67ebb1c2a1995fc16876ba2a
- SSDEEP
  
  6144:/+qpqSmgUZtFUaJqMJ3iwyoqAnrHxC4AbUkO0dDW8P4SATkU6Uk5dWXwzlf7Tvm:GqgSmdzUZAUndDWE4pkFv5DzA
Score

10^/10

formbook f9r5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf9r5ratspywarestealertrojan

behavioral2

formbookf9r5ratspywarestealertrojan

© 2018-2024

Terms | Privacy