formbook | 4b57d3356f6e737fc9ee61764cd17e7f51dd426d1d487f2b9b19748e40657956 | Triage

Submit
Reports

Overview

overview

Static

static

1

Justifican...ia.exe

windows7-x64

Justifican...ia.exe

windows10-2004-x64

Sharing

General

Target

Justificante de transferencia.rar
Size

258KB
Sample

230323-p1r1cahf2x
MD5

d7a1ba40cef151a55fe25e469c2b8db1
SHA1

f22b5271e7024b59a7c7f50e8f20b6080819616b
SHA256

4b57d3356f6e737fc9ee61764cd17e7f51dd426d1d487f2b9b19748e40657956
SHA512

35316d9f10577f254d3e374bd120642a0d9856370b0b31c175e89eb3cfde5043d136ae6c68bbad21fda3409c49a3b06012f9ae24d31aad94669f91b717a00ec3
SSDEEP

6144:+7Z2QUHo2LvPIM1xeOBKiXfWLx4QK527wVKkRI48vu4P+5Fl6B2:+94Ho2LvPIM2OBKiuqpIEBIl25FW2

Score

10^/10

formbook guloader bd16 downloader rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Justificante de transferencia.exe

Resource

win7-20230220-en

formbook guloader bd16 downloader rat spyware stealer trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Justificante de transferencia.exe

Resource

win10v2004-20230220-en

formbook guloader bd16 downloader rat spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bd16

Decoy

fjosephsolicitor.co.uk

itworx.store

firstlinebeefits.com

cadimaglobalservices.com

inclevin.com

kashmirimasale.com

charalambidis.com

homeliday.co.uk

joseguardiola.dev

wowmomofranchise.info

halongbaycruisestours.com

000217.com

dslt.xyz

careyinmobiliaria.com

ucankofteci.net

brisace.com

fastestcleaningservice.com

cornbreadnchicken.com

sizeable.app

labradordiamond.com

houseofartists.uk

halsotid.com

culligamdiy.com

bluehillinternational.com

camillerdesign.com

anth0nywilder.com

tumangadescargas.net

diasporadar.com

jtstu.com

brillsservices.com

srewib.online

ganchenbox.com

handream.co.uk

accessibleherefordshire.com

iverse.media

adeolasadvocacy.com

jmkafgha.top

litsugar.com

exclus-urvey.com

bossdolls.net

footballnostalgia.org.uk

babymed.africa

cutpriceappliances.co.uk

bloomuniverse.xyz

imperialforge.co.uk

joontii.com

tiyu592.com

coliback.group

bblifebizsolutions.com

directrealizabr.online

artbychimps.com

aviiss.com

gacorgaming.online

oliveuk.co.uk

idahohighwaytrivia.com

frutasdelyuna.com

lindakembabaziportfolio.com

gosuslygi.site

matshallacademy.africa

conffirmit.com

casamareresort.com

flipfoil.com

boricuame.com

herspaday.com

ugoufang.com

Targets

- Target
  
  Justificante de transferencia.exe
- Size
  
  324KB
- MD5
  
  89c1af7470bf3a699a914a62a7a37c1f
- SHA1
  
  75112e7df02461e8dc0266d6a147959b2ae3701c
- SHA256
  
  c036bf9593241c5ba0f2a7d38b6ff8099344e4b17a758ff64b145f2329256415
- SHA512
  
  fa4ef030ff88c36e4028fc22e7e285383f38d73ec5b36f06bf4f087d84a55dbf72ad8e79d279deecac3181c71b239549c023e27e529cc57c3d46bd4a46971ba6
- SSDEEP
  
  6144:nQ606xUAK/TxV595DDV6v/bGj5Yb7T/lZNG5isZ/UTUNsKn8sFLZJFJJWkFx:k3LJZ6HbGjQLZiU1sFdHnWkFx
Score

10^/10

formbook guloader bd16 downloader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Formbook payload
  rat
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

formbookguloaderbd16downloaderratspywarestealertrojan

behavioral2

formbookguloaderbd16downloaderratspywarestealertrojan

© 2018-2024

Terms | Privacy