formbook | 239a8da808d8c8af3c89dda0bfeec6ab1f28a65fefca254e42ac993ee887abd0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e1e7b17c9e...60.exe

windows7-x64

e1e7b17c9e...60.exe

windows10-2004-x64

Sharing

General

Target

e1e7b17c9e0a298346b82f04fabd4f60
Size

604KB
Sample

240327-rywa4aeb72
MD5

e1e7b17c9e0a298346b82f04fabd4f60
SHA1

735264e7cd43dca269582680ce3609eb5cac0418
SHA256

239a8da808d8c8af3c89dda0bfeec6ab1f28a65fefca254e42ac993ee887abd0
SHA512

929478f7a8a88cbbd7a31891cf886a24608bbbfcf5128d5e4683e50aa7cb916b1216194e2186eb2ea51c7511caecb4fac03fda3ae037dc22ceaf7522f6577f32
SSDEEP

12288:KGFOsBgo0q4wMHDyKmBiFmK19sMS+2fI59BDNUHG4lBzGLTq9jbWBCVv:K4OsBgo0q4wMHDyKmBioI9sI2fI5PBU/

Score

10^/10

formbook vd9n rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1e7b17c9e0a298346b82f04fabd4f60.exe

Resource

win7-20240220-en

formbook vd9n rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1e7b17c9e0a298346b82f04fabd4f60.exe

Resource

win10v2004-20240319-en

formbook vd9n rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

buyonlinesaree.com

percyshandman.site

hatchethangout.com

rugpat.com

zen-gizmo.com

vipmomali.com

lacerasavall.cat

aqueouso.com

mkolgems.com

sevenhundredseventysix.fund

fotografhannaneret.com

mitravy.com

bmtrans.net

linterpreting.com

izquay.com

sawaturkey.com

marche-maman.com

eemygf.com

animenovel.com

travelssimply.com

montecitobutterfly.com

volebahis.com

daniela.red

ramseyedk12.com

leyterealestate.info

patriotstrong.net

vkgcrew.com

nadhiradeebaazkiya.online

hotelcarre.com

myfabulouscollection.com

stellantis-luxury-rent.com

hn2020.xyz

emilyscopes.com

lotosouq.com

lovecord.date

stconstant.online

volkite-culverin.net

allwaysautism.com

sheisnatashasimone.com

sepantaceram.com

ishopgrady.com

lifestorycard.com

sexybbwavailable.website

domainbaycapital.com

constructioncleanup.pro

Targets

- Target
  
  e1e7b17c9e0a298346b82f04fabd4f60
- Size
  
  604KB
- MD5
  
  e1e7b17c9e0a298346b82f04fabd4f60
- SHA1
  
  735264e7cd43dca269582680ce3609eb5cac0418
- SHA256
  
  239a8da808d8c8af3c89dda0bfeec6ab1f28a65fefca254e42ac993ee887abd0
- SHA512
  
  929478f7a8a88cbbd7a31891cf886a24608bbbfcf5128d5e4683e50aa7cb916b1216194e2186eb2ea51c7511caecb4fac03fda3ae037dc22ceaf7522f6577f32
- SSDEEP
  
  12288:KGFOsBgo0q4wMHDyKmBiFmK19sMS+2fI59BDNUHG4lBzGLTq9jbWBCVv:K4OsBgo0q4wMHDyKmBioI9sI2fI5PBU/
Score

10^/10

formbook vd9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookvd9nratspywarestealertrojan

behavioral2

formbookvd9nratspywarestealertrojan

© 2018-2024

Terms | Privacy