formbook | 7b9502c277114c4c5cde1d0ce893041f2a880ce2808855ec74faf47485660d51 | Triage

Submit
Reports

Overview

overview

Static

static

3

КОММЕ...К.exe

windows7-x64

КОММЕ...К.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

КОММЕРЧЕСКИЙ ПОСТАВЩИК.exe
Size

646KB
Sample

240103-h3a2aaccbk
MD5

a48a58a847addb1ee3568eabf32b1b9d
SHA1

6bbeec62a240953cffc1a084ea59141a1368600a
SHA256

7b9502c277114c4c5cde1d0ce893041f2a880ce2808855ec74faf47485660d51
SHA512

78cd13f36a0b61bfd4f13401673efd071a6d80da9d27e8988179063182a73a42645a35b1daf30d89856b633a8984172a41dddbcbe884afd2f6626fb16790d19e
SSDEEP

12288:D7Ob4wOCsw0POWu11FDLB3yT+rPbVvYmh20XchGycysYUs1uE5z12H:DGOCsNuJN/z5vYmh2Cc

Score

10^/10

formbook gy14 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

КОММЕРЧЕСКИЙ ПОСТАВЩИК.exe

Resource

win7-20231215-en

formbook gy14 rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

КОММЕРЧЕСКИЙ ПОСТАВЩИК.exe

Resource

win10v2004-20231215-en

formbook gy14 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

soulheroes.online

tryscriptify.com

collline.com

tulisanemas.com

thelectricandsolar.com

jokergiftcard.buzz

sciencemediainstitute.com

loading-231412.info

ampsportss.com

dianetion.com

169cc.xyz

zezfhys.com

smnyg.com

elenorbet327.com

whatsapp1.autos

0854n5.shop

jxscols.top

camelpmkrf.com

myxtremecleanshq.services

beautyloungebydede.online

artbydianayorktownva.com

functional-yarns.com

accepted6.com

ug19bklo.com

roelofsen.online

batuoe.com

amiciperlacoda.com

883831.com

qieqyt.xyz

vendorato.online

6733633.com

stadtliche-arbeit.info

survivordental.com

mrbmed.com

elbt-ag.com

mtdiyx.xyz

mediayoki.site

zom11.com

biosif.com

aicashu.com

inovarevending.com

8x101n.xyz

ioherstrulybeauty.com

mosaica.online

venitro.com

Targets

- Target
  
  КОММЕРЧЕСКИЙ ПОСТАВЩИК.exe
- Size
  
  646KB
- MD5
  
  a48a58a847addb1ee3568eabf32b1b9d
- SHA1
  
  6bbeec62a240953cffc1a084ea59141a1368600a
- SHA256
  
  7b9502c277114c4c5cde1d0ce893041f2a880ce2808855ec74faf47485660d51
- SHA512
  
  78cd13f36a0b61bfd4f13401673efd071a6d80da9d27e8988179063182a73a42645a35b1daf30d89856b633a8984172a41dddbcbe884afd2f6626fb16790d19e
- SSDEEP
  
  12288:D7Ob4wOCsw0POWu11FDLB3yT+rPbVvYmh20XchGycysYUs1uE5z12H:DGOCsNuJN/z5vYmh2Cc
Score

10^/10

formbook gy14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookgy14ratspywarestealertrojan

behavioral2

formbookgy14ratspywarestealertrojan

© 2018-2025

Terms | Privacy