formbook | d2da367f408927aed9dc92251cc05f67a7032b9f59eafc1db59c1cc4aa71646a | Triage

Submit
Reports

Overview

overview

Static

static

1

rBillOfQuantity.exe

windows7-x64

rBillOfQuantity.exe

windows10-2004-x64

Sharing

General

Target

rBillOfQuantity.exe
Size

1018KB
Sample

230329-phra4ahh2w
MD5

0ac8216cb320fc7e13fbded96961c776
SHA1

1329061e82e21ab844d9ce50e2c24c90d392907b
SHA256

d2da367f408927aed9dc92251cc05f67a7032b9f59eafc1db59c1cc4aa71646a
SHA512

2b696d2c858e75ee0a0ac73d08e9b807e811040c03f55a2c50819f2e59980c65e728fed70e8e97a17119153ec87bbd7035863f72bfa3758bc2c1ff747561983e
SSDEEP

24576:U12zVZ9LpVMouvpBJpkaA0/itgYeJre6vL02Q7a:UAR3LkoCBDj0eo0Q

Score

10^/10

formbook jr22 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

rBillOfQuantity.exe

Resource

win7-20230220-en

formbook jr22 rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

rBillOfQuantity.exe

Resource

win10v2004-20230220-en

formbook jr22 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

foamyfallscarwash.com

padelfaculty.com

theenergysavingcentre.com

dorpp.com

scoresendirect.online

yuqintw.com

erenortopedi.com

skymagickey.com

infinitepuremind.com

watchtamilmovie.com

southplainsinsurance.net

intentionaldating.app

certaproarkansas.com

blidai.com

thehoneybeeworks.com

followplace.com

sipsterbyananeke.com

37300.uk

bluebirdbuyers.com

composewithme.com

moneymundo.com

daftarakun.xyz

samsonm.com

nurse-jobs-in-us-35896.com

cancerbloodspecialistsga.net

feelfeminineagain.com

residentialcaretraining.com

allprocleanouts.com

englishsongs.online

bookkeepingdeerfield.com

bendcollegeadvisor.com

boaiqixian.com

vixensgolfcarts.com

igarrido.net

rsconstructiontrading.com

lakewayturf.com

carelesstees.com

silviaheni.xyz

iaqieqq.com

campingspiel.com

diacute.com

thaigeneratortg.com

autoreenter.com

meclishaber.xyz

airbnbtransfers.com

Targets

- Target
  
  rBillOfQuantity.exe
- Size
  
  1018KB
- MD5
  
  0ac8216cb320fc7e13fbded96961c776
- SHA1
  
  1329061e82e21ab844d9ce50e2c24c90d392907b
- SHA256
  
  d2da367f408927aed9dc92251cc05f67a7032b9f59eafc1db59c1cc4aa71646a
- SHA512
  
  2b696d2c858e75ee0a0ac73d08e9b807e811040c03f55a2c50819f2e59980c65e728fed70e8e97a17119153ec87bbd7035863f72bfa3758bc2c1ff747561983e
- SSDEEP
  
  24576:U12zVZ9LpVMouvpBJpkaA0/itgYeJre6vL02Q7a:UAR3LkoCBDj0eo0Q
Score

10^/10

formbook jr22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookjr22ratspywarestealertrojan

behavioral2

formbookjr22ratspywarestealertrojan

© 2018-2024

Terms | Privacy