formbook | 7e8b932504273b89321e9108f3e319e40725e8971c27fd1e5f3d98cce4f013e9 | Triage

Submit
Reports

Overview

overview

Static

static

5

MV SANTA M...df.exe

windows7-x64

MV SANTA M...df.exe

windows10-2004-x64

Sharing

General

Target

7e8b932504273b89321e9108f3e319e40725e8971c27fd1e5f3d98cce4f013e9
Size

720KB
Sample

240830-b27kjaserm
MD5

2ad4a395db6a94329f3fc35d0238488b
SHA1

762c997fb48b563b637c98407ebece57511600da
SHA256

7e8b932504273b89321e9108f3e319e40725e8971c27fd1e5f3d98cce4f013e9
SHA512

1776cbe83401e2b083bf3baa9388b4a7f214cbca70c59b6eddf377a741d5a718e232fd5ef54c79514f033ae343bde74c476bc4ddf5c3c2f77a0f435cdd44e30d
SSDEEP

12288:5XaHf/EP1shbaGA9hRXI+QHuCFpv5/PsydSp3SJYLYrXF6N4r07:5XaH0P1Y9A9haYcsydSRSJY4XUyr07

Score

10^/10

formbook ph01 discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

MV SANTA MARGHERITA_pdf.exe

Resource

win7-20240708-en

formbook ph01 discovery rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

MV SANTA MARGHERITA_pdf.exe

Resource

win10v2004-20240802-en

formbook ph01 discovery rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

23888.sbs

zvcj.sbs

raitpourtrait.net

ibraryfarmclub.online

omputercourses123.live

j88.doctor

atsue-color.click

epitalrentgrup.online

rvvpn.lol

i-signals.tech

cr-phoenix.best

frican-safari.online

c-games.zone

oardetest.online

f4md.shop

uke-saaac.buzz

arze.dev

nvestment-services-49610.bond

izatrip.sbs

ameron-paaaa.buzz

esourceshark.info

ovamedrx.net

yzena.tech

ichardsjewelers.shop

olar-panel-jobs-67676.bond

oreanewspapers.top

olcon.live

evzuatakademi.online

ackdoortwinks.net

s23301.top

ool-works.net

inhhuan5g.sbs

redit-cards-se-9.bond

9509.club

athroomremodeling-pa-us2.click

obbypetrino.shop

uliet707.vip

bvcaz.xyz

ppcashvip.online

d-animation-degree-99775.bond

p39.xyz

hatsapz8.top

eamidiots.shop

mujo57abmb6c9me.app

edinvest.tech

hiskerwonderspro.yachts

glczs.shop

andscaping-services-69969.bond

93wh245ds.autos

arubear.shop

yqwzijbfrh9.asia

hiramon.cloud

5cbrx.shop

ahjong168.vip

echanictrainingsearch.today

lientserver.cfd

eeklybyte.net

oanweb.live

astbaytreecareservice.info

47000.xyz

r-software-14916.bond

8376.club

ublimax.online

uckchina.net

ootdetoxes.shop

Targets

- Target
  
  MV SANTA MARGHERITA_pdf.exe
- Size
  
  1.1MB
- MD5
  
  397680610e1594890cecbb39b80975f7
- SHA1
  
  8c3c1947056f25e064ff53da967888b2f4775123
- SHA256
  
  fd41013cab1a59a03989694f44428c54f7531e526448c3cd9eea90d7d53847d5
- SHA512
  
  e6a2e8650f144af8fcf6f92525140aca324a7b706a006e02488f675ee5a25678ff1721e35bf8902d3d897e99df123c19bc53240932fdf812ec1948b90a88346e
- SSDEEP
  
  24576:TqDEvCTbMWu7rQYlBQcBiT6rprG8a4uy7SXcJO6XEeLc:TTvC/MTQYxsWR7a4tRJDT
Score

10^/10

formbook ph01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookph01discoveryratspywarestealertrojan

behavioral2

formbookph01discoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy