formbook | 81f6e3ff9cc821300e30acd628d0579793806ebfb89941d04f9bc33998f9a851 | Triage

Submit
Reports

Overview

overview

Static

static

3

Olağanüs...me.exe

windows7-x64

Olağanüs...me.exe

windows10-2004-x64

Sharing

General

Target

Olağanüstü ödeme.exe
Size

964KB
Sample

240418-l43pgahh56
MD5

ad400a4c8af415892429acb5886a5ee7
SHA1

bd6c023606236c1ccb74863680ca5e74029d3526
SHA256

81f6e3ff9cc821300e30acd628d0579793806ebfb89941d04f9bc33998f9a851
SHA512

977239ebaf324f3409c5cac7fae2163004298ae63cd2a470df3be0256a6d60ffa8c9cd46e72bbbdbef89c91ebaa9122dd9663ed49970df9dc03f1b446b97e5a1
SSDEEP

12288:eYsoBukMEbli8FwgY3zpQ43W/2bsJQG6JETe6dMM9DsMORFYNL8jWiqt+uIfHKdO:3sKlCgGU2QBoETe6u2DiRGJDiq4fHK4

Score

10^/10

formbook gs12 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Olağanüstü ödeme.exe

Resource

win7-20240220-en

formbook gs12 rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Olağanüstü ödeme.exe

Resource

win10v2004-20240412-en

formbook gs12 rat spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs12

Decoy

juniavilela.com

italiahealth.club

freefoodpro.com

qqmotor.co

mosahacatering.com

wocc.club

tourly360.com

airzf.com

eternalknot1008.com

pons.cc

zdryueva.com

bodution.website

vip8g100013.top

3box.club

bestoffersinoneplace.com

tronbank.club

hlysh.live

allfireofferapp.sbs

goldenvistaservices.com

theconfidencebl-youprint.com

doping.digital

urxetqt.com

utahdatecoach.com

coworkingvalencia.pro

thebeautybarandco.com

umastyle.club

demandstudiosnews.com

k2securityhn.com

teacakesandtadpoles.com

epacksystems.network

y2llvq.vip

udin88b.us

simonettipressurewashing.com

baansbliss.com

messyplayclub.com

panaco.co

kustomequipment.com

actnowgreen.com

tallawahyouthfoundation.com

novistashop.com

oversight418354.email

ypsom.info

enerableoffi.club

otirugkyt.com

mappedbyamanda.com

vibelola.com

nexelab.com

zgcple.info

maiores-veritatis.com

wonderdread.cloud

signomo.com

uspsdirect.shop

finessebuilding.com

heavydutywearpart.com

51win.ink

b-a-s-e.net

xianqianjin.fun

domscott.art

rtp-tambakslot5000.site

sports565.com

kpi-finder.com

taylor.capital

1993520.xyz

hjgd.xyz

lolabeautystudios.com

Targets

- Target
  
  Olağanüstü ödeme.exe
- Size
  
  964KB
- MD5
  
  ad400a4c8af415892429acb5886a5ee7
- SHA1
  
  bd6c023606236c1ccb74863680ca5e74029d3526
- SHA256
  
  81f6e3ff9cc821300e30acd628d0579793806ebfb89941d04f9bc33998f9a851
- SHA512
  
  977239ebaf324f3409c5cac7fae2163004298ae63cd2a470df3be0256a6d60ffa8c9cd46e72bbbdbef89c91ebaa9122dd9663ed49970df9dc03f1b446b97e5a1
- SSDEEP
  
  12288:eYsoBukMEbli8FwgY3zpQ43W/2bsJQG6JETe6dMM9DsMORFYNL8jWiqt+uIfHKdO:3sKlCgGU2QBoETe6u2DiRGJDiq4fHK4
Score

10^/10

formbook gs12 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookgs12ratspywarestealertrojan

behavioral2

formbookgs12ratspywarestealertrojan

© 2018-2024

Terms | Privacy