formbook | 297022aace9eedb2bff66cc4178d7961265e2b6e592cb65a03e6854a5bcfb02d | Triage

Submit
Reports

Overview

overview

Static

static

3

RE SWIFT D...df.exe

windows7-x64

RE SWIFT D...df.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

RE SWIFT DOZNAKA 1 pdf.exe
Size

1.2MB
Sample

230922-19r79ace99
MD5

96c304685994e3191e40a493f10d80a6
SHA1

c4096ef0e18d73266c7df284e42254674540d96b
SHA256

297022aace9eedb2bff66cc4178d7961265e2b6e592cb65a03e6854a5bcfb02d
SHA512

d466725a34edec20d8f5beb6746c3d9f4a2ea157b1190cf3f3a60e714b2d8fb5c243b2fb6bf98b86ea32032c93bd6d09b438078a60c57be2cf8356a47484a561
SSDEEP

24576:z523xyh3kk9HfhFnDOoLc4KDbm3DVBAB:U383kk/xG

Score

10^/10

formbook ca persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RE SWIFT DOZNAKA 1 pdf.exe

Resource

win7-20230831-en

formbook ca persistence rat spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

RE SWIFT DOZNAKA 1 pdf.exe

Resource

win10v2004-20230915-en

formbook ca rat spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ca

Decoy

etrade668.com

witchwardrobe.com

fresh-express.info

court-of-protection-abuse.com

mydomaine.pizza

chiquirritmo.com

goldennestconstructions.com

gldqn.com

songkorea.com

epaqint.com

3201wargyle1s.info

batdongsanhungphu.com

higheredandbeyond.com

tenpro25.date

drzcapital.com

corporativoacarsa.com

happyupward.net

aljyc.link

travellerit.com

dazhongpuhui.com

kokrishop.com

zekporno.com

kkkav61611.com

cgllt.com

ferhat.photography

persiangloriessaga.com

residenz-schrofenblick.com

chuiniupi.net

take2mediation.com

bdoiron.com

shortforlong.com

105manbet.com

ufjzen.info

robots-electronics.com

amillionormorethingstodo.com

bransonmichelesflowers.com

zarchain.com

lillucke.com

simplare.com

topviews.online

fortworthwww.com

revitalifeclinicuae.info

baxter.group

florallis.com

scma1.com

coar.solutions

3pastel-takako.net

desertsteelart.com

qualitytrade.today

toinner.net

linguisticspcfit.online

2017weiyi.com

ugetit.net

kashikiriparty2.com

yunfanat.com

boteinstein.com

ashleyilikea.com

qixoq.loan

bdb.ink

livingstonparkinc.com

ramseyindustries.biz

91yima.com

pengyuze.com

patrick-friedl.com

daylleosin.info

Targets

- Target
  
  RE SWIFT DOZNAKA 1 pdf.exe
- Size
  
  1.2MB
- MD5
  
  96c304685994e3191e40a493f10d80a6
- SHA1
  
  c4096ef0e18d73266c7df284e42254674540d96b
- SHA256
  
  297022aace9eedb2bff66cc4178d7961265e2b6e592cb65a03e6854a5bcfb02d
- SHA512
  
  d466725a34edec20d8f5beb6746c3d9f4a2ea157b1190cf3f3a60e714b2d8fb5c243b2fb6bf98b86ea32032c93bd6d09b438078a60c57be2cf8356a47484a561
- SSDEEP
  
  24576:z523xyh3kk9HfhFnDOoLc4KDbm3DVBAB:U383kk/xG
Score

10^/10

formbook ca persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcapersistenceratspywarestealertrojan

behavioral2

formbookcaratspywarestealertrojan

© 2018-2025

Terms | Privacy