formbook | d5620e317780ea9daa8f2236dc8dc6890896f239e7c5ffc74e3f20b3f38a5aa3 | Triage

Submit
Reports

Overview

overview

Static

static

3

Quotation-pdf-.exe

windows7-x64

Quotation-pdf-.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Quotation-pdf-.exe
Size

670KB
Sample

230519-ptg7kadh27
MD5

e8b1562034c0c6cde0669d4c5135a136
SHA1

e60f817cab60d9f9f60966d4f24454ece92ca8b6
SHA256

d5620e317780ea9daa8f2236dc8dc6890896f239e7c5ffc74e3f20b3f38a5aa3
SHA512

9168288ec5396f2c05278edb86cfebff9df0a790b28c01d2476d590d17f725312fe2abe97af0f7dc6e661c41ad7523f7dc23a5362b18826491e38fbba72c980f
SSDEEP

12288:kFQg02B1NZwnF5UH/MD5leAeJ4HtuUf9dY1nA+t:ki1c1DwFWf0leJCuUf9dEPt

Score

10^/10

formbook ae30 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Quotation-pdf-.exe

Resource

win7-20230220-en

formbook ae30 rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation-pdf-.exe

Resource

win10v2004-20230220-en

formbook ae30 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ae30

Decoy

lili116.ru

apatitum.ru

broadbandterbaik.com

flrfteb.ru

xysklhgf.xyz

thevelvetkit.africa

zwelethugh.africa

imassageandstretchdance.com

laser3dstudio.com

efefplantation.buzz

cyberwisely.com

hulihuli.net

electrosertecnologia.com

golanglearn.club

cee4agency.com

bedicustomgraphicapparel.com

aim2fitness.com

greenarrow-advisors.com

lotadan.com

kgaming.dev

alphaestetica.com

ailihuq.com

christmaslv.com

grandviewtub2shower.com

gbera9ja.africa

falconspice.com

ladderlab.site

dollarvalue-guide.site

frametasticuy.com

lowridericon.com

fshxzz.com

awath.dev

drinkcircleback.com

lostdrivinglicence.co.uk

kick-shoes.com

accidentattorneysearch-jp.life

asteramoving.com

dompacino.com

k59963.com

bayadere.co.uk

jkdairyjammu.com

ifidesignedit.com

ezengage.com

board-advising.com

reachphone.app

lajwbwcl.com

landscapingideas.site

diamondshouse-hannover.online

dustinoliver.com

fierceroar.uk

4983517.com

inhomeidea.com

firstchoicecladding.co.uk

kurrent.store

bcerviews.org.uk

guideonwheels.com

fact-times.live

bakedcivilization.com

howlsmovingcastlemerch.store

kinder-vaccine.com

landonwieweck.com

dxbsultan.com

tutastrading.africa

rseriali.net

lobosmc12.com

Targets

- Target
  
  Quotation-pdf-.exe
- Size
  
  670KB
- MD5
  
  e8b1562034c0c6cde0669d4c5135a136
- SHA1
  
  e60f817cab60d9f9f60966d4f24454ece92ca8b6
- SHA256
  
  d5620e317780ea9daa8f2236dc8dc6890896f239e7c5ffc74e3f20b3f38a5aa3
- SHA512
  
  9168288ec5396f2c05278edb86cfebff9df0a790b28c01d2476d590d17f725312fe2abe97af0f7dc6e661c41ad7523f7dc23a5362b18826491e38fbba72c980f
- SSDEEP
  
  12288:kFQg02B1NZwnF5UH/MD5leAeJ4HtuUf9dY1nA+t:ki1c1DwFWf0leJCuUf9dEPt
Score

10^/10

formbook ae30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookae30ratspywarestealertrojan

behavioral2

formbookae30ratspywarestealertrojan

© 2018-2025

Terms | Privacy