formbook | 4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf | Triage

Submit
Reports

Overview

overview

Static

static

4d6aed04de...bf.exe

windows7-x64

4d6aed04de...bf.exe

windows10-2004-x64

Sharing

General

Target

4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf.exe
Size

851KB
Sample

230106-psb9xsga28
MD5

0d40d12e558369cb5f5181e15578a1fe
SHA1

4672ae6d49334d3bb80f1fc45816648241ae6cd2
SHA256

4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf
SHA512

db11dd7ead7d19455aae9af803815d48a7e2ffe405e185a93340ed4c1d3eb1fcbd8a76100ab63a96e27cf5bf2b6e15daa1dafa7ae455358ec4fb62167b83c551
SSDEEP

12288:NdX2iNju3x2cHss/S+PPaHENNxExSYdKyjRa19UY085aNmqq:Nx1Vu3x2cHs6Sq++czdRjo5Fk

Score

10^/10

formbook d0a7 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf.exe

Resource

win7-20220901-en

formbook d0a7 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf.exe

Resource

win10v2004-20220812-en

formbook d0a7 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d0a7

Decoy

ngpjqd.top

provider1.net

themetaverseloyalties.com

tylpp.com

pmjewels.com

87napxxgz8x86a.com

djolobal.com

fmbmaiamelo.com

naijabam.online

networkingbits.com

beesweet.live

sexarab.homes

promptcompete.com

midsouthradio.com

23mk.top

bnhkit.xyz

2ozp56.bond

vehiclesgroups.com

healthycommunitynow.com

cwzmesr.com

qpeqlqb.com

parallelsoundsstudio.com

legacy-lc.com

isedeonline.com

baudtown.com

characting.space

noironclothes.com

pisell.one

comnewcocoffee.com

bitvtag.live

hotelblunt.com

chryslercapitla.com

designrate.art

niacopeland.com

royaltyweb3.com

openai-good.com

mom.rent

brapix.app

pikkwik.com

omilive.com

whdmjse.com

belifprint.com

ncsex6.xyz

vrf70r.online

jbway.com

avtokozmetika.website

info-klar.com

zbk53.com

comfydays.shop

ismagency.biz

shm01.com

horzeplay.com

luxacumen.com

drpathcares.com

steamfulfillmentllc.com

board-evaluations.com

gecreditu.info

aquastarla.net

yjdfw.net

dhjzfs.com

theminco.biz

honeynoel.com

rzkbol.com

anastsy4.tech

botani-yodo1.xyz

Targets

- Target
  
  4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf.exe
- Size
  
  851KB
- MD5
  
  0d40d12e558369cb5f5181e15578a1fe
- SHA1
  
  4672ae6d49334d3bb80f1fc45816648241ae6cd2
- SHA256
  
  4d6aed04de942b7577c3accd91e7b2e822f3e9ae3f44bb2c62d3f8332e7bb9bf
- SHA512
  
  db11dd7ead7d19455aae9af803815d48a7e2ffe405e185a93340ed4c1d3eb1fcbd8a76100ab63a96e27cf5bf2b6e15daa1dafa7ae455358ec4fb62167b83c551
- SSDEEP
  
  12288:NdX2iNju3x2cHss/S+PPaHENNxExSYdKyjRa19UY085aNmqq:Nx1Vu3x2cHs6Sq++czdRjo5Fk
Score

10^/10

formbook d0a7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookd0a7ratspywarestealertrojan

behavioral2

formbookd0a7ratspywarestealertrojan

© 2018-2024

Terms | Privacy