formbook | 9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

9206da9241...51.exe

windows7-x64

9206da9241...51.exe

windows10-2004-x64

Sharing

General

Target

9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe
Size

537KB
Sample

231127-vhnsvsad5z
MD5

eddb45e0917911908d24f104fcf134dd
SHA1

09c5c74cdb780570b97d953b6c64aa519eb352be
SHA256

9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351
SHA512

f261a60e021e092eb008f2b53ac57e054adc48ad933aebdc36cce2e3f10a005ba42c5b1a1b6031da7d75ce95415f14434f8e32f37f593b6dac796ba13166e2c4
SSDEEP

12288:1y8o94Kms3Y4K/O0nCQJ47/znWk/eFecVPuLWnVerFVCKEH:1FCiALixnd2jW+ykVpV1e

Score

10^/10

formbook gy14 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe

Resource

win7-20231023-en

formbook gy14 rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe

Resource

win10v2004-20231020-en

formbook gy14 rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

soulheroes.online

tryscriptify.com

collline.com

tulisanemas.com

thelectricandsolar.com

jokergiftcard.buzz

sciencemediainstitute.com

loading-231412.info

ampsportss.com

dianetion.com

169cc.xyz

zezfhys.com

smnyg.com

elenorbet327.com

whatsapp1.autos

0854n5.shop

jxscols.top

camelpmkrf.com

myxtremecleanshq.services

beautyloungebydede.online

artbydianayorktownva.com

functional-yarns.com

accepted6.com

ug19bklo.com

roelofsen.online

batuoe.com

amiciperlacoda.com

883831.com

qieqyt.xyz

vendorato.online

6733633.com

stadtliche-arbeit.info

survivordental.com

mrbmed.com

elbt-ag.com

mtdiyx.xyz

mediayoki.site

zom11.com

biosif.com

aicashu.com

inovarevending.com

8x101n.xyz

ioherstrulybeauty.com

mosaica.online

venitro.com

Targets

- Target
  
  9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351.exe
- Size
  
  537KB
- MD5
  
  eddb45e0917911908d24f104fcf134dd
- SHA1
  
  09c5c74cdb780570b97d953b6c64aa519eb352be
- SHA256
  
  9206da924147e9cc204405a4fe9494c19fb50365c243188ee80ebeeae7d39351
- SHA512
  
  f261a60e021e092eb008f2b53ac57e054adc48ad933aebdc36cce2e3f10a005ba42c5b1a1b6031da7d75ce95415f14434f8e32f37f593b6dac796ba13166e2c4
- SSDEEP
  
  12288:1y8o94Kms3Y4K/O0nCQJ47/znWk/eFecVPuLWnVerFVCKEH:1FCiALixnd2jW+ykVpV1e
Score

10^/10

formbook gy14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgy14ratspywarestealertrojan

behavioral2

formbookgy14ratspywarestealertrojan

© 2018-2025

Terms | Privacy