formbook | 741e54e8d4c95d3a939bea610b4805e417a0662e17e5811aa72466d74f0fe9b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

2acc48ac59...7d.exe

windows7-x64

2acc48ac59...7d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2acc48ac59c4d56bd7ac05e52cf1117d
Size

1.1MB
Sample

231231-gl4rlacbc8
MD5

2acc48ac59c4d56bd7ac05e52cf1117d
SHA1

ebfd27d0fd630d2212934a92ed30d66035ab16ee
SHA256

741e54e8d4c95d3a939bea610b4805e417a0662e17e5811aa72466d74f0fe9b4
SHA512

fcf2b00192f268fa31a071bf10306399b3450abab81899be34d89f74528c57c1507cdd52d98938d57489d664b87a2660fa3152acee36cb52428249bb7fce63a0
SSDEEP

24576:6lQ7oY8FYMblhBIgzqRDPzdzN543puwbmF:wQoyA1ZqrdKjm

Score

10^/10

formbook odse rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2acc48ac59c4d56bd7ac05e52cf1117d.exe

Resource

win7-20231129-en

formbook odse rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2acc48ac59c4d56bd7ac05e52cf1117d.exe

Resource

win10v2004-20231215-en

formbook odse rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

fancycn.com

fem-iam.com

sinopocasles.com

skypalaceportal.com

wqajecjeias.com

selfscienceslabs.com

workingtitle.agency

asianartsawards.com

healtyhouse.com

iloveme.life

espacioleiva.com

dac71047.com

soldbygenajohnson.com

motherhenscoop.com

polkadotcoins.com

muslimmediation.com

grub-groove.com

albertaeatsfood.com

mixedplaylists.com

miamimotorcycleshop.com

unegublog.com

generalssoccer.com

manhattanlandscapedesign.com

cuongnguyen3r2j.com

stonelodgeseniorliving.com

swissinternationaltrustb.com

novemento.club

bladesmts.com

espiaruncelular.net

talasoglufinans.com

sargeworld.com

newlifenowblog.com

sugaringpalms.com

xaoikevesesede.com

mintyline.com

paleonade.com

saharsaghi.com

kentchimney.com

whipitgudd.com

gmopst.com

likekopi.com

spoonproductions-catering.com

annotake.com

stm32heaven.com

guncelekspres.com

Targets

- Target
  
  2acc48ac59c4d56bd7ac05e52cf1117d
- Size
  
  1.1MB
- MD5
  
  2acc48ac59c4d56bd7ac05e52cf1117d
- SHA1
  
  ebfd27d0fd630d2212934a92ed30d66035ab16ee
- SHA256
  
  741e54e8d4c95d3a939bea610b4805e417a0662e17e5811aa72466d74f0fe9b4
- SHA512
  
  fcf2b00192f268fa31a071bf10306399b3450abab81899be34d89f74528c57c1507cdd52d98938d57489d664b87a2660fa3152acee36cb52428249bb7fce63a0
- SSDEEP
  
  24576:6lQ7oY8FYMblhBIgzqRDPzdzN543puwbmF:wQoyA1ZqrdKjm
Score

10^/10

formbook odse rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookodseratspywarestealertrojan

behavioral2

formbookodseratspywarestealertrojan

© 2018-2025

Terms | Privacy