formbook | 7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861 | Triage

Submit
Reports

Overview

overview

Static

static

5

7e27edc840...61.exe

windows7-x64

7e27edc840...61.exe

windows10-2004-x64

Sharing

General

Target

7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861.exe
Size

1.1MB
Sample

240809-w3sg8axfme
MD5

b0896ccaf97625a546e53df07bb98769
SHA1

39d66b58804ff0f1b600b910713118041f0ddd4b
SHA256

7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861
SHA512

2aa7ead5dd4ef225acecd4d56d1735b7041e1e772e5c82f177561638d262daeff4aca86c14a1b1bcaef5d4cf538d65b3bd0d5842a3382559d7727a379f74e50f
SSDEEP

24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8acGCRB5I89:1TvC/MTQYxsWR7acjp

Score

10^/10

formbook cn14 discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861.exe

Resource

win7-20240729-en

formbook cn14 discovery rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861.exe

Resource

win10v2004-20240802-en

formbook cn14 discovery rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cn14

Decoy

fgfdwr254u.xyz

arm-uk.com

qoachu.com

radiantpm.christmas

ghacor.delivery

lindasartgmbh.com

agroguasch.com

silverlinedevelopment.net

1000thb.com

bremwq.xyz

qweuiop.top

dental-implants-21860.bond

elotesaguafria.com

biagiottifraticelli.com

pureleafworks.com

mokomusic.com

lunarqr.shop

bestbuyprods.com

michaelsec.com

morganstore.net

adventureswithbeans.com

kavitaforcm.com

irananalog.com

newvisio.com

casino-x-zerkalo8tn6.xyz

attrji115s.top

6eidh1.xyz

gharamedibleoil.com

rtptwitspin.autos

wdzhsy.asia

nocyon.com

pawsomepastriesofgeorgia.com

drnutritionnn.xyz

1fkgfgn98.shop

wangpumen-2hhh222.xyz

ya37w.top

cinematography-jobs-74591.bond

mcboysclub.xyz

3e032.com

trauma911.net

tcsjarky.com

geekstreaming.com

stsfilo.com

pixellab.top

seocuba.com

sos-easyappclient.net

westbournedentalsurgery.com

bookishbusiness.com

ljstf.com

poshyyh.christmas

jasminemariahopkins.com

bdsign.ink

tamracollection.com

alpha-kicks.com

kamramhay.com

bowoslot.lol

epigraphbio.com

tbcxmq834x.top

57-24.sbs

qewpc.asia

insuranceinfoo.xyz

core-forex.net

phenixex.com

14033.shop

thesharkysteps.com

Targets

- Target
  
  7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861.exe
- Size
  
  1.1MB
- MD5
  
  b0896ccaf97625a546e53df07bb98769
- SHA1
  
  39d66b58804ff0f1b600b910713118041f0ddd4b
- SHA256
  
  7e27edc8405ad4fdfcf6d5de75046b0dace6386f05dac3382629b0692274f861
- SHA512
  
  2aa7ead5dd4ef225acecd4d56d1735b7041e1e772e5c82f177561638d262daeff4aca86c14a1b1bcaef5d4cf538d65b3bd0d5842a3382559d7727a379f74e50f
- SSDEEP
  
  24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8acGCRB5I89:1TvC/MTQYxsWR7acjp
Score

10^/10

formbook cn14 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcn14discoveryratspywarestealertrojan

behavioral2

formbookcn14discoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy