formbook | 17ffde8137ccb72df1cf904e6e550a14e03c6e7029a507731a0a721697249851 | Triage

Submit
Reports

Overview

overview

Static

static

1

INQUIRY.exe

windows7-x64

INQUIRY.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

INQUIRY.exe
Size

620KB
Sample

230424-rx2fqacd92
MD5

ca5d33e8a379da31c0dda6b9e22c20ae
SHA1

8501cc96684dafbcbf44abe4af3b4465bb5473d2
SHA256

17ffde8137ccb72df1cf904e6e550a14e03c6e7029a507731a0a721697249851
SHA512

c4d830968ab1995eea43125273cafb28667bf163ed2af72c9315de5282ecde0f8abb312ccfe7c243374080554eb44f7d07183647c64bc08d4d3f98f9b0bc76f5
SSDEEP

12288:HMqFq1lshI14m+PfCANS543LUnHQQZY278xICTtag9oB4:H7+fSmSCcE43gnHQkYjoRB4

Score

10^/10

formbook ce18 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INQUIRY.exe

Resource

win7-20230220-en

formbook ce18 rat spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

INQUIRY.exe

Resource

win10v2004-20230220-en

formbook ce18 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ce18

Decoy

kenfinnegan.com

exopestireland.com

allthingzbeautiellc.com

attractiveidiot.com

calmsealight.com

ectobyte.com

8rr.xyz

hcmajq.info

alisongraceventures.com

jamtanganbagus.online

forexpropfirmmastery.com

coupimmobilier.com

amarisetechnologies.com

countrykidsclothing.com

eyecatcher.tech

merxip.online

fiteallc.com

themensroombarber.co.uk

seroofingtelford.co.uk

birdie786.com

tinasc.com

abadicash11.vip

beyondschoolwork.com

coachcreators.net

theoakwheel.co.uk

electrolyteelectric.com

bastetribal.com

bleatcement.online

sunsetnyc.com

bjzlccqz.com

loyaldiscount.com

gamerunr.com

keepaquarium.com

ecochec.ru

annakaiello.com

just-leanin.com

kitchen-furniture-66738.com

alibama.top

current-vacanies.com

hentaireaf.com

sim-virtual.net

wilkesalms.org.uk

bishopdelicious.com

dunamu-cabin.com

kessdaniels.com

x7c7h.com

permianmitsubishi.net

logmauk.co.uk

libertyconsul.com

dghg-106.com

bcpatil.com

diamondsilkregimen.com

nankanasaheb.com

incomeclub.africa

login-xfinity.net

fayetaylor.realtor

ljcfarms.africa

g-starnetwork.com

fullmography.com

cleanifylaundry.com

async.live

bigcommerce.rsvp

dominioncard.com

bankloan-dd.ru

bookcom34567875373733744444.top

Targets

- Target
  
  INQUIRY.exe
- Size
  
  620KB
- MD5
  
  ca5d33e8a379da31c0dda6b9e22c20ae
- SHA1
  
  8501cc96684dafbcbf44abe4af3b4465bb5473d2
- SHA256
  
  17ffde8137ccb72df1cf904e6e550a14e03c6e7029a507731a0a721697249851
- SHA512
  
  c4d830968ab1995eea43125273cafb28667bf163ed2af72c9315de5282ecde0f8abb312ccfe7c243374080554eb44f7d07183647c64bc08d4d3f98f9b0bc76f5
- SSDEEP
  
  12288:HMqFq1lshI14m+PfCANS543LUnHQQZY278xICTtag9oB4:H7+fSmSCcE43gnHQkYjoRB4
Score

10^/10

formbook ce18 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookce18ratspywarestealertrojan

behavioral2

formbookce18ratspywarestealertrojan

© 2018-2025

Terms | Privacy