formbook | c468a9183ecc42f934c38fecb1b02c1944aa4aa3acd39a920ec8e14f5443872f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

New Order.exe

windows7-x64

New Order.exe

windows10-2004-x64

Sharing

General

Target

New Order.rar
Size

702KB
Sample

230209-qhz4nsdb6z
MD5

ccbb2ec496eb0b22ab4b9ddb3d1a59ed
SHA1

76ea403c4186849291174e0caa3457f97502ca4a
SHA256

c468a9183ecc42f934c38fecb1b02c1944aa4aa3acd39a920ec8e14f5443872f
SHA512

6fec7130370edaace6dfab6443f87ea01e297b37f446754dbaa2f216a0453f903a06215129549a0bb946e22dd60312d5c10b8902b24e45dc364b5c7ed4083c12
SSDEEP

12288:4Ql8EXJpl0m/MQ2O3sH880Ow0+vtAD3Nnqoq4KmmsJCHBXx5h/FvwCjACriIALvH:4bEXJpHMQ2OS7WntAD3NqJbmmAC1x5h+

Score

10^/10

formbook d03s rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New Order.exe

Resource

win7-20220812-en

formbook d03s rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order.exe

Resource

win10v2004-20220812-en

formbook d03s rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d03s

Decoy

laurasgreenleaves.co.uk

fantastik3d.com

jsstee.com

foodynation.co.uk

3623wnorthgate.com

titanmedical.africa

keithjacksonlifecoach.com

kardilah.shop

crisscrossfishsauce.com

lojatanamao.online

ceways.com

holybreadstudios.com

c66u.xyz

poococoin.net

exipureyour7best.online

easterislandfoundation.net

09448.voto

gzbzxyy.com

0uqx.xyz

agentfarah.com

gongtianhouse.com

ytorly.xyz

janolepets.com

jvkai.com

sttholdings.net

fraziersusedcarsnc.com

unitedtileandstonela.com

b5623.com

klcp311.com

aaruvisoiree.com

ispeaki.com

decertifyi.com

laowazhijia.com

eldiache.com

goodnewsgoat.com

championscupdraw.com

adryanabb.com

activeshop.uk

123jj11o.top

averycap.com

allow11.com

cleaning-services-66938.com

naturenurturelandscapes.co.uk

beauty-nails.site

cha-style.com

greattrump.xyz

yuanzhoulvgw.net

juicychuck.com

edwinesia.com

localfoods.africa

glistening.site

aprilandmax.rsvp

domanahvoynoy.ru

contabilmais.shop

gegeartprints.com

a2sk.shop

levelshhealth.com

ganchenbox.com

car-deals-70763.com

ckeventsltd.com

gdcxv.beauty

bermudadunesmoving.com

functionalfood.info

destroy.cfd

flavoredkreations.com

Targets

- Target
  
  New Order.exe
- Size
  
  856KB
- MD5
  
  7d8cdf3c58c00c596080b3f50f090ab5
- SHA1
  
  558c0dd0071f4875d7f74a19106ff06774ac30b9
- SHA256
  
  c9caca736c11e851b592f24322879f830096ef056283ab000c73fea48642278b
- SHA512
  
  273e806c9463f844d60e861e454d48e6bd9adc0a552c476485d61acf89a3669b22986d404d7f9d89791f7cf4eb5b149acbdeaca14b8164b523cf62ffa8d5424e
- SSDEEP
  
  24576:MHCtn9BoO/NtSQlQXDAlfSX6wnj+V9ClyTS666jDgs1b5/:z9KEpwzG8Lz6vgsD
Score

10^/10

formbook d03s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookd03sratspywarestealertrojan

behavioral2

formbookd03sratspywarestealertrojan

© 2018-2025

Terms | Privacy