formbook | acf03676e5dd002d0dc94a2b50e83dda78d287ee9b07ad2c9659688310015820 | Triage

Submit
Reports

Overview

overview

Static

static

5

Quotation.exe

windows7-x64

Quotation.exe

windows10-2004-x64

Sharing

General

Target

Quotation.exe
Size

1.1MB
Sample

240725-rkj1xawcmb
MD5

e5834e14777d7df91dc61f75c796e07a
SHA1

1307720fcf7f9df9dc5d3f7393229b92f56b2480
SHA256

acf03676e5dd002d0dc94a2b50e83dda78d287ee9b07ad2c9659688310015820
SHA512

048b73353999a417d239f488743656dee95b0b3b8ed8a0c8adca5ba9474ffbc2d22223d51e4b852bf6bbb189ad3bb127ae59f2d062e8171f77b0223b4bca31cc
SSDEEP

24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8aLHqGzPdlAx:/TvC/MTQYxsWR7aLHbzPD

Score

10^/10

formbook ty31 discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Quotation.exe

Resource

win7-20240705-en

formbook ty31 discovery rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation.exe

Resource

win10v2004-20240709-en

formbook ty31 discovery rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

jejakunik.com

inb319.com

jifsjn.buzz

gkyukon.site

43443.cfd

cogil69id.com

oeaog.com

lpgatm.com

mymarketsales.com

tomclk.icu

404417.online

nysconstruction.com

ourwisequote.com

ahsanadvisory.com

ottawaherps.com

forevermust.com

apartments-for-rent-47679.bond

kdasjijaksdd.icu

buthaynah.com

manggungjayakanopi.com

cookygan.com

regalessencebeautystudio.com

material.directory

szxart.xyz

ykdbyjk.xyz

hankahve.com

tiituitdsa.net

avantbrews.com

springpace.com

seriesjeans.com

technikwunder.com

angellsonline.com

soujany.com

buysleepp.com

voltvanbage.com

qdhaohuisuan.com

bluedolphinshop.com

aguanegocios.com

abstractdiffusion.com

bahisanaliz16.xyz

weight-loss-34761.bond

x216.icu

twmallll.com

poalsdji.buzz

agtsolargrowth.biz

pixelcloudtec.com

0512155.com

mypsychedeliceducation.com

0306951.top

screw-air-compressor.com

10140wildhawk.com

antheaclinic.com

tppclients.com

needpickleball.com

iraq-visions.com

rtpbonanza138.skin

wjzjs.com

dw6msr8.icu

lepriossa.com

tiktokglobal.shop

youwu.autos

tripshipglobal.com

ncpekingducktogo.com

winbd24.com

xiaobanhome.com

Targets

- Target
  
  Quotation.exe
- Size
  
  1.1MB
- MD5
  
  e5834e14777d7df91dc61f75c796e07a
- SHA1
  
  1307720fcf7f9df9dc5d3f7393229b92f56b2480
- SHA256
  
  acf03676e5dd002d0dc94a2b50e83dda78d287ee9b07ad2c9659688310015820
- SHA512
  
  048b73353999a417d239f488743656dee95b0b3b8ed8a0c8adca5ba9474ffbc2d22223d51e4b852bf6bbb189ad3bb127ae59f2d062e8171f77b0223b4bca31cc
- SSDEEP
  
  24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8aLHqGzPdlAx:/TvC/MTQYxsWR7aLHbzPD
Score

10^/10

formbook ty31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookty31discoveryratspywarestealertrojan

behavioral2

formbookty31discoveryratspywarestealertrojan

© 2018-2024

Terms | Privacy