formbook | d404e5865cddbf47f6a494f9120130035b3ac5761810dc75e20bc28873327547 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...47.exe

windows7-x64

SecuriteIn...47.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.PWSX-gen.30247.2423
Size

550KB
Sample

231011-y2k3vscg25
MD5

5adbfe3a05eb61b2d2620b6538dc5772
SHA1

8bee7a099e2c1753a62be196915da3756758e75c
SHA256

d404e5865cddbf47f6a494f9120130035b3ac5761810dc75e20bc28873327547
SHA512

5d66a876e199a1733c9c445cdb5d2c4d4842373a710c6a93c088d1d5456ef7c6a3308a56b1b00c5852457ec8db8108b1fe278f45b0dcc7b7433ea20b9e4a465c
SSDEEP

12288:JZ725ZbHWLBajVyuexPgAHsP3o4roF6Btp3P:uCQSxPgAIogPBth

Score

10^/10

formbook ey16 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.30247.exe

Resource

win7-20230831-en

formbook ey16 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.30247.exe

Resource

win10v2004-20230915-en

formbook ey16 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey16

Decoy

slimshotonline.com

rifaboa.com

metallzauber.com

jabandfuel.com

reacthat.com

qcgaeu.top

ssongg446.cfd

29kuan7.cfd

101agh.com

reliablii.com

luginfinity.com

e513.cloud

k4lantar.sbs

etoempire.com

phons.info

vovacom.com

birbakalim.fun

wellhousesctx.com

flthg.link

strasburgangus.com

warehouse-jobs-19432.bond

tisduallywheels.com

gbcontabilidade.com

nsyoiq.top

erlacx.xyz

graphic-design-degrees-us.xyz

therealopulent.com

genw.support

fmfo.asia

rrbookreviews.com

cirbs.com

afu-bf.net

northwesttheatreballet.com

koru.clinic

railway-tandoori.com

dumpsterrentalreading.com

73a73.com

ysudveg.buzz

y0rvragmr5.com

dataroomfiscale.com

jbfinishing.com

dcm393.com

nebulousharmony.bet

solaldesign.com

ssongg4323.cfd

rentingstudio.com

affiliatemarketingjoy.com

cvilleflowerfarm.com

huhubet505.com

bigpeople.top

casaalmafurniture.com

yccop.cfd

moviescoutt.com

wholemind.store

hvvwff.net

xn--srsz50dqxa5xb3rn52a.com

aunoption.com

zgtiku.com

jnbks.link

alqalamacademy.net

fly-destiny.com

servprowestpalm.com

itdev.life

paover.com

trsmine.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.30247.2423
- Size
  
  550KB
- MD5
  
  5adbfe3a05eb61b2d2620b6538dc5772
- SHA1
  
  8bee7a099e2c1753a62be196915da3756758e75c
- SHA256
  
  d404e5865cddbf47f6a494f9120130035b3ac5761810dc75e20bc28873327547
- SHA512
  
  5d66a876e199a1733c9c445cdb5d2c4d4842373a710c6a93c088d1d5456ef7c6a3308a56b1b00c5852457ec8db8108b1fe278f45b0dcc7b7433ea20b9e4a465c
- SSDEEP
  
  12288:JZ725ZbHWLBajVyuexPgAHsP3o4roF6Btp3P:uCQSxPgAIogPBth
Score

10^/10

formbook ey16 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookey16ratspywarestealertrojan

behavioral2

formbookey16ratspywarestealertrojan

© 2018-2025

Terms | Privacy