formbook | d11429eb77b9fed70574ea7fe72b7d48355dd319db3b9b8d802e766b380ebae6 | Triage

Submit
Reports

Overview

overview

Static

static

1

new list.xls

windows7-x64

new list.xls

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

new list.xls
Size

1.1MB
Sample

230414-mbc4sahe23
MD5

15d4b709ec7829706e540458e34d5b40
SHA1

4123024df7d79c4402bf55a99600e15ebe256f8e
SHA256

d11429eb77b9fed70574ea7fe72b7d48355dd319db3b9b8d802e766b380ebae6
SHA512

c458f62bae622b3ca0f48a5f33a7634b259076b49e39f5f443c991460be657d79951ac7a45595fc3ba6b78739e4e28c5f3cf1c6986015a126870cee4c08d684a
SSDEEP

24576:KLKfSSMMednE4SSMMednEuSSMMednEe+MXU2SSMMednEWWoUA4kJUsQ:KLKZMJMnMF+MXfMUo+keH

Score

10^/10

formbook hs95 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

new list.xls

Resource

win7-20230220-en

formbook hs95 rat spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

new list.xls

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hs95

Decoy

capitalpartnersintl.com

learnotctrading.africa

kokotripbali.click

laserelitecreations.com

55522.voto

hezop.xyz

6n992.com

aelh3s.shop

victmcomssioner.org.uk

7xwithlove.com

gregdf.click

thewarehouseconsultants.africa

ilbufalaro.online

bulkcheapstamps.com

etismc.top

beautyby-eve.com

dabopixel.com

freddybrowne-17.com

heat-pumps-11472.com

cleaningbyeve.com

bartoszkowalczyk.com

kx1966.com

customfitaccounting.com

carspavaleting.com

1warez.sk

kingscrossvancouver.church

hjcyh.top

artistpu.com

aroundtheworldinc.com

benendenfreehotel.co.uk

6jc.net

couldssaoservice.com

breezymakeup.com

ilrayan.net

pure-bredrebel.net

florenceinnmotelco.com

aalogistic.uk

irkwfb.top

fifa.fail

62358.se

noware.app

deficryptocon.com

bekindorbequiet.com

254i6.bond

3boimage.com

bakhti.codes

horoscope-41400.com

criterionbeautiful.com

jskieller.online

longbeachrmh.com

dajichi.asia

99design.store

1xyty.bond

aidapes.ru

hhc-hexe.info

51seenet.com

loansace.com

misale.net

exupdeserb.info

neasamparishcouncil.co.uk

aimappq.info

darg.ninja

yepgift.com

ziufree.net

kx1569.com

Targets

- Target
  
  new list.xls
- Size
  
  1.1MB
- MD5
  
  15d4b709ec7829706e540458e34d5b40
- SHA1
  
  4123024df7d79c4402bf55a99600e15ebe256f8e
- SHA256
  
  d11429eb77b9fed70574ea7fe72b7d48355dd319db3b9b8d802e766b380ebae6
- SHA512
  
  c458f62bae622b3ca0f48a5f33a7634b259076b49e39f5f443c991460be657d79951ac7a45595fc3ba6b78739e4e28c5f3cf1c6986015a126870cee4c08d684a
- SSDEEP
  
  24576:KLKfSSMMednE4SSMMednEuSSMMednEe+MXU2SSMMednEWWoUA4kJUsQ:KLKZMJMnMF+MXfMUo+keH
Score

10^/10

formbook hs95 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhs95ratspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy