formbook | fdcdd88c8de821d3cbb39bd3d1f64173f5f6b9d1e399db1d57a434081bfa5852 | Triage

Submit
Reports

Overview

overview

Static

static

1

SCAN 00009...MG.exe

windows7-x64

SCAN 00009...MG.exe

windows10-2004-x64

Sharing

General

Target

e7a97ac27a7e1a0133acba15572f9a50542300eee994a8bb9347d31f8ebbf5dc.zip
Size

788KB
Sample

230310-mz9gwsch87
MD5

eccb066a9f629569eb39c487db806f0f
SHA1

b1250b1aba09126cc21c109d8cfaf6e12f268c93
SHA256

fdcdd88c8de821d3cbb39bd3d1f64173f5f6b9d1e399db1d57a434081bfa5852
SHA512

50455c0619d3f8ef26ed463216b57b0a9d8f37f8235b94ebddd50a97180cf7773cede089223ed81562b68cc1ca7c3d24048989bed0cc8fa7c85d0e4583c33e66
SSDEEP

12288:w4tQ9kPIt/mnLifviFD+6hp/uSqzIWpD3JRati93VGWgcbIMWfU/mj+RmQKT31mt:wi1PIcnefKFD+UQhtZcsFGWgh/fXyAut

Score

10^/10

formbook bpnw rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SCAN 000090499000045739.IMG.exe

Resource

win7-20230220-en

formbook bpnw rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SCAN 000090499000045739.IMG.exe

Resource

win10v2004-20230220-en

formbook bpnw rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bpnw

Decoy

subsc-music.com

spiffyd01.buzz

link2it.xyz

coenst.site

carltonautomatic.com

argbeauty.co.uk

tenantdfgg.click

mammothbechtelar.com

bekkarblogger.com

rheamoments.com

themagicofbedtime.com

berksbeaconnews.com

1stpagerealestate.com

ammarshoes.com

lv-newlife.com

travelnewsbuzz.com

promo-tv.fun

getfreedownload.online

al-istitmar.info

strataclleanenergy.com

furnishedcottage.com

bklcbd.com

oayara.com

rttranslate.com

hmmm.services

economycutslawnservice.com

coreinternationalbusiness.com

outpv.online

drinja-tirkiz.com

martline.website

osanala.com

tridentacquisition.info

thecoachhq.com

fawjianyu.com

innoinfinitesolutions.net

tamilnadumetal.com

spig.nu

cyberjam.live

southern-sniper.com

goldquick.club

foxhound-armory.com

ethype.xyz

itfckingmatters.info

drlaskovets.space

nhadat413.com

sjlh267.com

soulrichcollections.com

uiemvh.xyz

deafazagency.com

zenstel.com

thriftytrack.com

tuirctrapped.buzz

skestar.top

prilagatelnoe.makeup

discordserver.net

ypm8.top

wristlancer.com

davidleeproperty.co.uk

ryconascimentotelasfake.website

eldritchventures.net

china-opq.com

allayrival.net

ns9x.xyz

memorymakersottawa.com

casinospinwin.net

Targets

- Target
  
  SCAN 000090499000045739.IMG.exe
- Size
  
  1.1MB
- MD5
  
  912b66f6aeee60ff00e90b9d267529b3
- SHA1
  
  38cb4ce90e7e19bb42f3fb6d48e69d02db891ec1
- SHA256
  
  d5fe9ec3478dfc65a14ded1ca3e9ced361617a085ec6c3da1bd9b9cc0083511f
- SHA512
  
  0e58095cbe3a50103e1a76c3918c8c0f55d965df9fc4a2526ec0d8ac5c65ed9161c81c2fa9dfbae93ba5ec925b578bf52632fbc8a39126936912abfad1ddb80b
- SSDEEP
  
  24576:3uOZ6wGkB+e9uf8mSiEPQ3h5oPIpYAMYDkX94bMtP9DGfO:SYQ38+Y72O94bu9GO
Score

10^/10

formbook bpnw rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookbpnwratspywarestealertrojan

behavioral2

formbookbpnwratspywarestealertrojan

© 2018-2024

Terms | Privacy