formbook | 70a767afae13b01f89e0830ff47ce2ccd605544173539c720575a6910450548d | Triage

Submit
Reports

Overview

overview

Static

static

1

Jan2023Rev...on.xls

windows7-x64

Jan2023Rev...on.xls

windows10-2004-x64

1

Sharing

General

Target

Jan2023RevisedQuotaion.xls.bin
Size

1.8MB
Sample

230505-zkncbsgd4s
MD5

41a540bc320dd5904fcb6eec31fbe6c7
SHA1

ada4de8ee7c8363b9e659455b91a8e472092515e
SHA256

70a767afae13b01f89e0830ff47ce2ccd605544173539c720575a6910450548d
SHA512

3b51336041722e95fae1d6e46b3f2a0b0da62dcf2c5b7df932a7b6e808d038db63a89de662ce9a246601cbb1550dbe3253edc78b0e48a467d71c057c8274698a
SSDEEP

49152:jLKksicXYkFicXYkyyGebJUbkZP2J++yDV231sQqydZ:noX/XiyGeGkA31s

Score

10^/10

formbook ie59 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Jan2023RevisedQuotaion.xls

Resource

win7-20230220-en

formbook ie59 rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Jan2023RevisedQuotaion.xls

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ie59

Decoy

urbangoat.africa

electrotango.net

freehostag.info

91ky9.com

2ravensecurity.com

hfdibcx.cyou

homestudiolists.com

hiringhelpingconsultants.tech

haomaiapp.com

everestmerchatsallied.africa

0571sky.com

concreteblocksmachinery.com

iemstechnology.com

onkxlf31.com

tiffaniecatclub.co.uk

k9power.co.uk

cvatasia.com

xn--0trr0dv07a3we.net

douyinwe799.xyz

286vip.com

solarblindsonline.co.uk

kheloindia.online

justinjohn.online

gmcmotorsport.com

artarmisticeash.com

noware.app

brjinli.com

tylersphotovideo.com

gatestoparadise.com

bijouryjewels.com

99momentum.com

6pt7d8-6kjwds.com

gebralefukim.xyz

blurredlinessg.com

hecticprinting.com

lechon.digital

bigszuieach.com

knops.top

qiopz.online

adeuscalvicie.site

jewelflare.com

allecotw.com

edclvpartybus.com

cnc87.com

woozamall.africa

lethoan.com

bagsmens.com

1wqlti.top

laraynewoster.com

interlinkedclothing.com

kx2818.com

gist9ja.africa

health-insurance-28790.com

aidhouston.com

coffeelovingpanda.com

kartbakiyeyukle.net

brightsmile.shop

caxyobitter.info

humbleseedyoga.com

krockvibe.africa

bettsfinancial.com

efefinconclusive.buzz

anatads.com

affiniityplus.com

luminouskin.net

Targets

- Target
  
  Jan2023RevisedQuotaion.xls.bin
- Size
  
  1.8MB
- MD5
  
  41a540bc320dd5904fcb6eec31fbe6c7
- SHA1
  
  ada4de8ee7c8363b9e659455b91a8e472092515e
- SHA256
  
  70a767afae13b01f89e0830ff47ce2ccd605544173539c720575a6910450548d
- SHA512
  
  3b51336041722e95fae1d6e46b3f2a0b0da62dcf2c5b7df932a7b6e808d038db63a89de662ce9a246601cbb1550dbe3253edc78b0e48a467d71c057c8274698a
- SSDEEP
  
  49152:jLKksicXYkFicXYkyyGebJUbkZP2J++yDV231sQqydZ:noX/XiyGeGkA31s
Score

10^/10

formbook ie59 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookie59ratspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy