formbook | 80c6293d18c38b686ea6ab60d134247f8d72553be2d20a305b94c78115227667 | Triage

Submit
Reports

Overview

overview

Static

static

1

NUEVA ORDE...RA.exe

windows7-x64

NUEVA ORDE...RA.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NUEVA ORDEN DE COMPRA.exe
Size

596KB
Sample

230413-qzpz2abg52
MD5

1f64d20ee12dd6ce045decfcee3207ce
SHA1

81ae1f4b15dc5100391851f2e9fc2390588b5f46
SHA256

80c6293d18c38b686ea6ab60d134247f8d72553be2d20a305b94c78115227667
SHA512

8422396ee0784ca38c48b0b9af272567d19c03e97dc3d61d4c80d95749852a3b28005d02a1303bff481563736dbcfeb81f1f439130ec4463634a36389ea19978
SSDEEP

12288:2+QBzis4GSpgQIpjcwKdxAxMc++sdkzYSraEsl:2+YisgjwMdyxy+ckzDratl

Score

10^/10

formbook cy01 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win7-20230220-en

formbook cy01 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NUEVA ORDEN DE COMPRA.exe

Resource

win10v2004-20230220-en

formbook cy01 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy01

Decoy

beauty-clean.site

funsellers.shop

digichatbox.com

greenleafpestsvcs.com

getcashs.shop

jessbenitez.net

bridgeworksmotcentre.co.uk

chorusmobile.africa

kiralayolla.com

ft-vip.club

fromlearnerstoimpacters.com

baldwinaesthetics.com

legacyfinehomescb.com

adnaturaltours.com

hzdingyushangwu.com

brinkworthchurch.co.uk

statesurvival.net

beingabroad.store

gmkmc.com

toubra.africa

bestinvestments-guide.site

freeyourmind.pro

berriesbay.com

heart4.africa

analise.digital

bwin6888.com

couches-sofas-98740.com

therealmadridpark.net

zinkwazivillage.africa

saynagoaescorts.com

gobizzmedia.com

judiangka.lol

eyjhoa.cfd

ododomargaret.africa

lbcpaiementsecurise.ink

fortismedtech.com

bez-prolejnei.online

brommamarkis.online

curiocitycanada.com

billionairelist-guide.site

adept-19.online

coolbelion.com

jxsub.com

treeverse.africa

abudabhomes.casa

moonsleep.app

brunobastos.net

jetsshopfootball.com

mcl.africa

hnxmgg.com

frantechm.top

aurorashrineclub.com

auckledfathere.xyz

hawestwp.com

mrturbo.net

freshers.boo

nuevvamgmt.com

finepad.online

fellowdezire.online

vazert.xyz

ellenunningham.click

suprashoesireland.com

dietpraduh.com

aestheticsbykirstyyork.co.uk

howtomakemillionsnow.com

Targets

- Target
  
  NUEVA ORDEN DE COMPRA.exe
- Size
  
  596KB
- MD5
  
  1f64d20ee12dd6ce045decfcee3207ce
- SHA1
  
  81ae1f4b15dc5100391851f2e9fc2390588b5f46
- SHA256
  
  80c6293d18c38b686ea6ab60d134247f8d72553be2d20a305b94c78115227667
- SHA512
  
  8422396ee0784ca38c48b0b9af272567d19c03e97dc3d61d4c80d95749852a3b28005d02a1303bff481563736dbcfeb81f1f439130ec4463634a36389ea19978
- SSDEEP
  
  12288:2+QBzis4GSpgQIpjcwKdxAxMc++sdkzYSraEsl:2+YisgjwMdyxy+ckzDratl
Score

10^/10

formbook cy01 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcy01ratspywarestealertrojan

behavioral2

formbookcy01ratspywarestealertrojan

© 2018-2025

Terms | Privacy