formbook | 6b5b7952bdd33c6b92105d81a2211e7a2f907b89fd0a76c344db8ded9dc36802 | Triage

Submit
Reports

Overview

overview

Static

static

1

NUEVA ORDE...RA.exe

windows7-x64

NUEVA ORDE...RA.exe

windows10-2004-x64

Sharing

General

Target

NUEVA ORDEN DE COMPRA.exe
Size

796KB
Sample

230206-t2j4caab3z
MD5

066ce326ce4a330b8d5205450e7db45a
SHA1

6e09f8b98e2502ab285db9430717bc062fdf07ac
SHA256

6b5b7952bdd33c6b92105d81a2211e7a2f907b89fd0a76c344db8ded9dc36802
SHA512

d5e2627f5f9756cecd3901eb77903165517bbbbcf17731cfa938bff82ed04fb796eb7f0a1ea599274731241058b498921be450e75b235402f98e7be6623f66c1
SSDEEP

12288:Hpk8PAMcXnyXx6q1DzK389803EmEoPpnNH6VAgNEJEvbqgll84UX208VfCHJZahs:bAM1NooCGnhHWvBoX208VqpZS5G

Score

10^/10

formbook cy01 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win7-20221111-en

formbook cy01 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win10v2004-20220812-en

formbook cy01 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy01

Decoy

beauty-clean.site

funsellers.shop

digichatbox.com

greenleafpestsvcs.com

getcashs.shop

jessbenitez.net

bridgeworksmotcentre.co.uk

chorusmobile.africa

kiralayolla.com

ft-vip.club

fromlearnerstoimpacters.com

baldwinaesthetics.com

legacyfinehomescb.com

adnaturaltours.com

hzdingyushangwu.com

brinkworthchurch.co.uk

statesurvival.net

beingabroad.store

gmkmc.com

toubra.africa

bestinvestments-guide.site

freeyourmind.pro

berriesbay.com

heart4.africa

analise.digital

bwin6888.com

couches-sofas-98740.com

therealmadridpark.net

zinkwazivillage.africa

saynagoaescorts.com

gobizzmedia.com

judiangka.lol

eyjhoa.cfd

ododomargaret.africa

lbcpaiementsecurise.ink

fortismedtech.com

bez-prolejnei.online

brommamarkis.online

curiocitycanada.com

billionairelist-guide.site

adept-19.online

coolbelion.com

jxsub.com

treeverse.africa

abudabhomes.casa

moonsleep.app

brunobastos.net

jetsshopfootball.com

mcl.africa

hnxmgg.com

frantechm.top

aurorashrineclub.com

auckledfathere.xyz

hawestwp.com

mrturbo.net

freshers.boo

nuevvamgmt.com

finepad.online

fellowdezire.online

vazert.xyz

ellenunningham.click

suprashoesireland.com

dietpraduh.com

aestheticsbykirstyyork.co.uk

howtomakemillionsnow.com

Targets

- Target
  
  NUEVA ORDEN DE COMPRA.exe
- Size
  
  796KB
- MD5
  
  066ce326ce4a330b8d5205450e7db45a
- SHA1
  
  6e09f8b98e2502ab285db9430717bc062fdf07ac
- SHA256
  
  6b5b7952bdd33c6b92105d81a2211e7a2f907b89fd0a76c344db8ded9dc36802
- SHA512
  
  d5e2627f5f9756cecd3901eb77903165517bbbbcf17731cfa938bff82ed04fb796eb7f0a1ea599274731241058b498921be450e75b235402f98e7be6623f66c1
- SSDEEP
  
  12288:Hpk8PAMcXnyXx6q1DzK389803EmEoPpnNH6VAgNEJEvbqgll84UX208VfCHJZahs:bAM1NooCGnhHWvBoX208VqpZS5G
Score

10^/10

formbook cy01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookcy01ratspywarestealertrojan

behavioral2

formbookcy01ratspywarestealertrojan

© 2018-2024

Terms | Privacy