formbook | 1129fe21c10584db13d4938057daaf0902ade1e86f777d5a3f60385cf84c43cd | Triage

Submit
Reports

Overview

overview

Static

static

3

f0164ec8c2...b0.exe

windows7-x64

f0164ec8c2...b0.exe

windows10-2004-x64

Sharing

General

Target

1129fe21c10584db13d4938057daaf0902ade1e86f777d5a3f60385cf84c43cd
Size

662KB
Sample

240417-r86vksed61
MD5

148aef8c2e85d05977c5bbae4efd78ae
SHA1

b908989ef4a2d7374cc851ed25a2515cda377a4a
SHA256

1129fe21c10584db13d4938057daaf0902ade1e86f777d5a3f60385cf84c43cd
SHA512

02e321bfd0d1ae535d0fcce930017929446d24189a566f6d3df8a1075cd152522bc0d8199db72963d2c480fff334ea61584abf51e874c59d2dd6cb444508f15a
SSDEEP

12288:h6tnfU+Ae1A5iV8PRowfGszainZ0xSUspxFyK+tvkz/b2xZHewG:hOfwwwiibzaGiVsQ9kzKD+wG

Score

10^/10

formbook gy14 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0164ec8c236a65046db19bb07dc24d20c7785bf1adc0823d89b568164dae9b0.exe

Resource

win7-20240215-en

formbook gy14 rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0164ec8c236a65046db19bb07dc24d20c7785bf1adc0823d89b568164dae9b0.exe

Resource

win10v2004-20240412-en

formbook gy14 rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

soulheroes.online

tryscriptify.com

collline.com

tulisanemas.com

thelectricandsolar.com

jokergiftcard.buzz

sciencemediainstitute.com

loading-231412.info

ampsportss.com

dianetion.com

169cc.xyz

zezfhys.com

smnyg.com

elenorbet327.com

whatsapp1.autos

0854n5.shop

jxscols.top

camelpmkrf.com

myxtremecleanshq.services

beautyloungebydede.online

artbydianayorktownva.com

functional-yarns.com

accepted6.com

ug19bklo.com

roelofsen.online

batuoe.com

amiciperlacoda.com

883831.com

qieqyt.xyz

vendorato.online

6733633.com

stadtliche-arbeit.info

survivordental.com

mrbmed.com

elbt-ag.com

mtdiyx.xyz

mediayoki.site

zom11.com

biosif.com

aicashu.com

inovarevending.com

8x101n.xyz

ioherstrulybeauty.com

mosaica.online

venitro.com

Targets

- Target
  
  f0164ec8c236a65046db19bb07dc24d20c7785bf1adc0823d89b568164dae9b0.exe
- Size
  
  804KB
- MD5
  
  5caf11e8152e62b0390dfb238cf334fd
- SHA1
  
  1c421dfe825cd736208eba05e1f97949e1c31cb2
- SHA256
  
  f0164ec8c236a65046db19bb07dc24d20c7785bf1adc0823d89b568164dae9b0
- SHA512
  
  c5a0932c8fe7d3f60ccfd51951befe9513fa78fae65bb60b7494205713dbaa05e0cfd43d76aac3eb1f47cf73a2e8c66e51e9052dfefaa39a3af175de536d7f13
- SSDEEP
  
  12288:GstXkJgxtAg3ulQ882gHDrvWecYYx/vH4+WOuJuHO49NiaFmyVSJr6Wz:Gza3Ag3QQ88NjrvgDvXWluHn9NzC6o
Score

10^/10

formbook gy14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookgy14ratspywarestealertrojan

behavioral2

formbookgy14ratspywarestealertrojan

© 2018-2024

Terms | Privacy