formbook | edf6c2e805b1b232065ff74c1c2b8c8da24147c9ef17175547ec5fb905005cf1 | Triage

Submit
Reports

Overview

overview

Static

static

3

rNO1086568...te.exe

windows7-x64

rNO1086568...te.exe

windows10-2004-x64

Sharing

General

Target

rNO10865687X54-Quote.exe
Size

703KB
Sample

230822-r75wwsed4y
MD5

48763155ecb4bc6e86492a17ad92a798
SHA1

0e601363e00c8fd7a9fc7a93e689d36d3b5008fa
SHA256

edf6c2e805b1b232065ff74c1c2b8c8da24147c9ef17175547ec5fb905005cf1
SHA512

a563b45539d3e7a14c6277fa38800d33e9378e6a0a2c7a2c074f921f48aa3d8bf5483d0ca14bb42b6182ec1cd48eebb45720fdcdf21263c3eca067c14887d878
SSDEEP

12288:c570Eww2d1mbT6o22B0vUYmXsfMG8tae766R3TnuG9tUiWjndZp:y0Ew0672m8bskGS773reTjnd

Score

10^/10

formbook hinf rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

rNO10865687X54-Quote.exe

Resource

win7-20230712-en

formbook hinf rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

rNO10865687X54-Quote.exe

Resource

win10v2004-20230703-en

formbook hinf rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hinf

Decoy

gemaprojects.com

infinitymarketingsystems.com

pustmegfram.com

mydetailaccelerator.com

zeusoffyp6.click

thegoddessofthehunt.com

abajim.com

jctrhc78.com

iyouiyiti.com

jobscnwire.com

emirates-tobacco.com

onledutech.com

medicinefloor.com

lghyr.fun

dohodnaavtomate.online

fbaxqevemd7.xyz

descontode70porcento.online

assmaco.com

bb845933.site

pinapplecapital.com

jizdna.com

dogsecom.shop

immutepvec.com

ankewayglobal.com

stoaenterprises.com

vitemalls.shop

ferdisparts.com

dyqfzx202308.com

sta4mps.com

glassesupmobilebarservices.com

aspireblockchain.com

salomon-skor-sverige.com

ascenndum.com

betper781.com

onhunhboan.cfd

theedgeofzion.com

aahwwr7p.com

angelandcoinsurance.com

morningbirdschool.com

ctrccadqccpwy.com

067tt.com

zjlzhb.com

theductalcarcinomas.live

qrcodeyes.com

usefight.best

vidanomada101.com

surfmodel.top

lypap.com

findlayxfulton.com

chuanzhe.cfd

jfa-consulting.com

melosboutiquehotel.com

lphm.club

buygreenparkpadeluk.com

cfyuanh.com

verizonwirelcoess.com

national-taxs.top

wigzworld.shop

aigenniti.com

cynthia-costello.com

barbitas.com

mullancero.com

radiantpoolscfl.com

tocbe.yachts

lookmovie136.xyz

Targets

- Target
  
  rNO10865687X54-Quote.exe
- Size
  
  703KB
- MD5
  
  48763155ecb4bc6e86492a17ad92a798
- SHA1
  
  0e601363e00c8fd7a9fc7a93e689d36d3b5008fa
- SHA256
  
  edf6c2e805b1b232065ff74c1c2b8c8da24147c9ef17175547ec5fb905005cf1
- SHA512
  
  a563b45539d3e7a14c6277fa38800d33e9378e6a0a2c7a2c074f921f48aa3d8bf5483d0ca14bb42b6182ec1cd48eebb45720fdcdf21263c3eca067c14887d878
- SSDEEP
  
  12288:c570Eww2d1mbT6o22B0vUYmXsfMG8tae766R3TnuG9tUiWjndZp:y0Ew0672m8bskGS773reTjnd
Score

10^/10

formbook hinf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhinfratspywarestealertrojan

behavioral2

formbookhinfratspywarestealertrojan

© 2018-2025

Terms | Privacy