formbook | a6821b8dbe19bb7e7b1b43e26f7a48c4b3ded583ff774e7a754b303af70ffe10 | Triage

Submit
Reports

Overview

overview

Static

static

1

rBillOfQuantity.exe

windows7-x64

rBillOfQuantity.exe

windows10-2004-x64

Sharing

General

Target

rBillOfQuantity.exe
Size

1019KB
Sample

230329-pg6pdsgc42
MD5

ddad0a4e5226bcf08e4831ce7b07d730
SHA1

2adae1b731e73c8e04086ecbf4af4baa0755f869
SHA256

a6821b8dbe19bb7e7b1b43e26f7a48c4b3ded583ff774e7a754b303af70ffe10
SHA512

fa8a088513c615fc324a19b470b787ca1b974073769424aed6b814d1eca78ce8232ebd72f5c740799ed83e57140916152cfec4edead40272b5cfe437597ad524
SSDEEP

24576:D12zVZ9L604wT9KmnwHBxxvRN4CaNFsBXN4K:DAR3LR4wTTwXWCOqd

Score

10^/10

formbook jr22 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

rBillOfQuantity.exe

Resource

win7-20230220-en

formbook jr22 rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

rBillOfQuantity.exe

Resource

win10v2004-20230220-en

formbook jr22 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

foamyfallscarwash.com

padelfaculty.com

theenergysavingcentre.com

dorpp.com

scoresendirect.online

yuqintw.com

erenortopedi.com

skymagickey.com

infinitepuremind.com

watchtamilmovie.com

southplainsinsurance.net

intentionaldating.app

certaproarkansas.com

blidai.com

thehoneybeeworks.com

followplace.com

sipsterbyananeke.com

37300.uk

bluebirdbuyers.com

composewithme.com

moneymundo.com

daftarakun.xyz

samsonm.com

nurse-jobs-in-us-35896.com

cancerbloodspecialistsga.net

feelfeminineagain.com

residentialcaretraining.com

allprocleanouts.com

englishsongs.online

bookkeepingdeerfield.com

bendcollegeadvisor.com

boaiqixian.com

vixensgolfcarts.com

igarrido.net

rsconstructiontrading.com

lakewayturf.com

carelesstees.com

silviaheni.xyz

iaqieqq.com

campingspiel.com

diacute.com

thaigeneratortg.com

autoreenter.com

meclishaber.xyz

airbnbtransfers.com

Targets

- Target
  
  rBillOfQuantity.exe
- Size
  
  1019KB
- MD5
  
  ddad0a4e5226bcf08e4831ce7b07d730
- SHA1
  
  2adae1b731e73c8e04086ecbf4af4baa0755f869
- SHA256
  
  a6821b8dbe19bb7e7b1b43e26f7a48c4b3ded583ff774e7a754b303af70ffe10
- SHA512
  
  fa8a088513c615fc324a19b470b787ca1b974073769424aed6b814d1eca78ce8232ebd72f5c740799ed83e57140916152cfec4edead40272b5cfe437597ad524
- SSDEEP
  
  24576:D12zVZ9L604wT9KmnwHBxxvRN4CaNFsBXN4K:DAR3LR4wTTwXWCOqd
Score

10^/10

formbook jr22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjr22ratspywarestealertrojan

behavioral2

formbookjr22ratspywarestealertrojan

© 2018-2024

Terms | Privacy