formbook | d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

GSO3357.exe

windows7-x64

GSO3357.exe

windows10-2004-x64

Sharing

General

Target

GSO3357.exe
Size

654KB
Sample

240325-txjxsaff3v
MD5

c77b45b902fb66b1bda25f0c9f32c152
SHA1

e17705713ede18731797bbfd7b5eb31a7ca52477
SHA256

d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7
SHA512

61af84f112b704230a8f07ead38678e2e3052f55a86e8e7c8b480be2a0da03546801d03d328e663a6ba284ded71bba22bac3caf8365848b2e3e8abf8dfb2d348
SSDEEP

12288:Td4CMwtBBGV/8nu3JKhuL3RlcYgbXvApn76bUtaj6b0jZEgVzvF7B5P9ylA:FBJu3FLBlcYEXvApn76bJ3tEAzvNDP4

Score

10^/10

formbook hy07 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

GSO3357.exe

Resource

win7-20240215-en

formbook hy07 rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

GSO3357.exe

Resource

win10v2004-20240226-en

formbook hy07 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hy07

Decoy

katemclaughl.in

worthyofficial.com

digitopia.click

ledmee.com

siwaasnz.life

ba-y.com

specifiedbuild.com

abandoned-houses-pt-0.bond

yesxoit.xyz

onlinemehrgeld.com

gosysamergoods.com

speakdontell.com

brokenequipmentsolutions.online

gruppofebi.cloud

adilosk.shop

supplierpartnerportal.com

wizov.dev

fast-homeinsurance.com

j88.vote

onamaevn.com

smartbatteryshunt.com

alivo-solutions-inc.net

qdcn16qy.shop

enmawholesale.com

experiencemedia.xyz

shoeloyalty.com

wylderosehealingarts.com

m-1263bets10.com

blanks.page

postcase.site

guangxiav.com

vitlrecruiting.info

go-re.one

rutie.net

donielss.com

hitwin.world

poshplaybliss.com

used-cars-25479.bond

riadanil.com

evrenfayans.xyz

cleopatraselixirs.com

beyondcarbon.xyz

pornimmersion.site

f8serial.site

theoriginals.farm

pvindustriesbv.com

santofantasy.shop

gosignkochava.com

akabox.net

valentinesteddyshop.com

closedealsin90days.com

goodsharbor.com

cbdmarkettrends.com

theartsincarter.com

massivedgeagency.website

totthoit.com

o0qqj7jm.shop

morningcallcoffeestandnola.com

51236.loan

omniahorizon.shop

hellasicks.com

soundbiscuitmusic.net

racerace2024.com

9yywk4.site

de-cosmeticenhancement.today

Targets

- Target
  
  GSO3357.exe
- Size
  
  654KB
- MD5
  
  c77b45b902fb66b1bda25f0c9f32c152
- SHA1
  
  e17705713ede18731797bbfd7b5eb31a7ca52477
- SHA256
  
  d56e9061e7f6df6e094d1582d817c381f8ce9ac6c3925cba5da96464487a18b7
- SHA512
  
  61af84f112b704230a8f07ead38678e2e3052f55a86e8e7c8b480be2a0da03546801d03d328e663a6ba284ded71bba22bac3caf8365848b2e3e8abf8dfb2d348
- SSDEEP
  
  12288:Td4CMwtBBGV/8nu3JKhuL3RlcYgbXvApn76bUtaj6b0jZEgVzvF7B5P9ylA:FBJu3FLBlcYEXvApn76bJ3tEAzvNDP4
Score

10^/10

formbook hy07 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookhy07ratspywarestealertrojan

behavioral2

formbookhy07ratspywarestealertrojan

© 2018-2024

Terms | Privacy