formbook | 8a6e40ffa6aabeda07bd1c75dd8566bdb498ed5ef0eb523e8371e2fecda47e36 | Triage

Submit
Reports

Overview

overview

Static

static

3

UAE61 - 45...LC.exe

windows7-x64

UAE61 - 45...LC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

UAE61 - 4510793563 - ALTAHER CHEM LLC.exe
Size

688KB
Sample

230803-h1392sbh64
MD5

5c412f0f22b162d7f32cdbc9e500a1fd
SHA1

e116967f21c982cdd814d82d2d37594f5a806cce
SHA256

8a6e40ffa6aabeda07bd1c75dd8566bdb498ed5ef0eb523e8371e2fecda47e36
SHA512

dd7ad2c106dc1cb7da444807ef25c77da32bb8cb3fd27aaf86cd640d6873d2b0396eb2af2870c022c0387c8c85d11bc646662f3c28b152ff038b5495b360a1ef
SSDEEP

12288:N5MY3kRIBx5xkUQAs371jl1INLMRUGl9zaasU:N6KkRm5BZs7p2aUGs

Score

10^/10

formbook ga83 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

UAE61 - 4510793563 - ALTAHER CHEM LLC.exe

Resource

win7-20230712-en

formbook ga83 rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

UAE61 - 4510793563 - ALTAHER CHEM LLC.exe

Resource

win10v2004-20230703-en

formbook ga83 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga83

Decoy

fastholdtalaric.mom

lokimusic.shop

sisucomms.xyz

techpass.net

tzyl197.com

merakibrokers.com

recargaswebdirectya.online

buzzinsourshot.net

ansuship.com

vawrs.com

osadchiy.site

bigdatacomponents.com

ssflsd.com

studiotecniconatasciafabbro.com

tiichat.com

counselingbank.com

4goodsolutions.xyz

blindajeparallantas.com

evergreenedu.xyz

dilital.com

mt51l.com

dawani.store

1932boutique.com

antroposoficamente.com

dot33.top

72sv.com

imbuez.com

sameekshapathak.com

fmeducations.com

bloxmanagementgroup.com

furnishioz.online

newlifestylechanges.com

4676cordobaway.com

poapra.com

baspalace.com

swteam9.click

807whitecap.com

se7enrising.com

socksuwear.com

5787nn.top

thetupi.com

dystopiarust.com

kpigpz.com

askubwerd.online

freedomfm.store

btcspotindex.com

hannahgriswold.com

benbarnes.online

grafix.design

salondoor.xyz

oxbet100.net

easytreina.com

elegantbold.life

ioigame.com

yv2rc9kzzpn7.com

thecreative1s.com

jcbefv63.com

itseasytodesign.com

tearsofthekingdomrecipes.com

huseyinata.xyz

clinicamuprodent.com

megacaraccessories.com

d9247.top

nhikhoaphucan.com

ufoporno.xyz

Targets

- Target
  
  UAE61 - 4510793563 - ALTAHER CHEM LLC.exe
- Size
  
  688KB
- MD5
  
  5c412f0f22b162d7f32cdbc9e500a1fd
- SHA1
  
  e116967f21c982cdd814d82d2d37594f5a806cce
- SHA256
  
  8a6e40ffa6aabeda07bd1c75dd8566bdb498ed5ef0eb523e8371e2fecda47e36
- SHA512
  
  dd7ad2c106dc1cb7da444807ef25c77da32bb8cb3fd27aaf86cd640d6873d2b0396eb2af2870c022c0387c8c85d11bc646662f3c28b152ff038b5495b360a1ef
- SSDEEP
  
  12288:N5MY3kRIBx5xkUQAs371jl1INLMRUGl9zaasU:N6KkRm5BZs7p2aUGs
Score

10^/10

formbook ga83 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookga83ratspywarestealertrojan

behavioral2

formbookga83ratspywarestealertrojan

© 2018-2025

Terms | Privacy