formbook | b196af30d4f938648c5c626b0c578d73d7d1c4f09b2228800ca78744bf508c06 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Drawing.exe

windows7-x64

Drawing.exe

windows10-2004-x64

Sharing

General

Target

Drawing.exe
Size

603KB
Sample

231012-feq2gsff9y
MD5

9edfa017d41749f89e3ed03de95be047
SHA1

a4ff313cafc64343ffa7afe7ff03fe9f872ab28a
SHA256

b196af30d4f938648c5c626b0c578d73d7d1c4f09b2228800ca78744bf508c06
SHA512

82c24694b21c70096fc8eb5d8dfedf73b03fc88e12206fc8457585fe60b92e72a94d523ab0dc2f1196ef204f90557f5d5360772fce5264440e657b0e22ece68c
SSDEEP

12288:NtHzPrD6MqJ0yadE1dewjSVbJKKGIQh7/xPM7cNmU6:njDZq6dEKJKrIQh7/oU6

Score

10^/10

formbook go95 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Drawing.exe

Resource

win7-20230831-en

formbook go95 rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Drawing.exe

Resource

win10v2004-20230915-en

formbook go95 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

go95

Decoy

shellveil.com

digitaldame.shop

gsqjrl.top

freitasfamilylaw.com

alliancetransportllc.com

connecthospitality.work

awwaloon.com

fomohour.xyz

sjapkhuf.top

designmcraft.com

travelguidanceer.pro

vejashoessuomi.com

smallsipsteel.com

hallowedhavenstudios.com

bestonsports.com

touxiong53a.com

azgskyhvz4.top

strategicroulette.com

69farma.com

cosmosoftventures.com

ssongg872.cfd

integralfit.net

ewapalucka.com

openstakeholder.com

ssongg258.cfd

gunacilix.online

snirvacampo.pro

gasengi.live

you-rediscovered.com

nbazxop.xyz

kambingtoto.com

xiurenwang.club

ragattidesign.com

extraplusdigital.com

turbifypro.com

smm79.xyz

glitterplugbeats.com

laurylee.com

cincyqhi.com

cncqj.com

onlinesports.store

zhongtuo63.com

kombicrash.com

rockytopspiritsco.com

tap10.app

danielhen.com

fredasante.com

virginiadish.com

talktoapm.com

urdcs.cfd

89vh.xyz

theascnedancygroup.com

loadedreview.com

forgingbridgesattr.com

182jj.xyz

ycfzw.com

appoficialnovo.shop

cantrillart.com

rrproperty.net

pluribusmarketing.com

nuvanta.net

blamewho.com

hotshift.show

sharesgram.com

csshotelsystems.com

Targets

- Target
  
  Drawing.exe
- Size
  
  603KB
- MD5
  
  9edfa017d41749f89e3ed03de95be047
- SHA1
  
  a4ff313cafc64343ffa7afe7ff03fe9f872ab28a
- SHA256
  
  b196af30d4f938648c5c626b0c578d73d7d1c4f09b2228800ca78744bf508c06
- SHA512
  
  82c24694b21c70096fc8eb5d8dfedf73b03fc88e12206fc8457585fe60b92e72a94d523ab0dc2f1196ef204f90557f5d5360772fce5264440e657b0e22ece68c
- SSDEEP
  
  12288:NtHzPrD6MqJ0yadE1dewjSVbJKKGIQh7/xPM7cNmU6:njDZq6dEKJKrIQh7/oU6
Score

10^/10

formbook go95 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgo95ratspywarestealertrojan

behavioral2

formbookgo95ratspywarestealertrojan

© 2018-2025

Terms | Privacy