formbook | 99949de6387b38b04db2ff140d3b98b48d4087a36d62c5ad1feb35ddf513b75c | Triage

Submit
Reports

Overview

overview

Static

static

5

Payment advice.exe

windows7-x64

Payment advice.exe

windows10-2004-x64

Sharing

General

Target

99949de6387b38b04db2ff140d3b98b48d4087a36d62c5ad1feb35ddf513b75c
Size

835KB
Sample

240918-f2a9jsvbjc
MD5

35a96755594bc6fffefd7e651b9cf290
SHA1

5355306d237120299c5a6fd0aeac2a2b040c17d8
SHA256

99949de6387b38b04db2ff140d3b98b48d4087a36d62c5ad1feb35ddf513b75c
SHA512

4068c770fc38ee2b0ccc2feae2c365baa01a7844868858788df415fee26f7a195e8e882d97a7af7c27b8f33f949c454c6a6990e2b1319001b03a20c850a809a5
SSDEEP

24576:EzFh6Ax5KkdYBlEui2IktW//xG+B3HkaF5:AFh6MKkWUmIVxG+ZHF

Score

10^/10

formbook c24t discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Payment advice.exe

Resource

win7-20240903-en

formbook c24t discovery rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment advice.exe

Resource

win10v2004-20240802-en

formbook c24t discovery rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c24t

Decoy

ealthbridgeccs.online

ngelicais.art

uktuksu1.sbs

fapoker.asia

hecreature.tech

orenzoplaybest14.xyz

op-smartphones-deal.today

delark.click

7395.asia

otnews.cfd

j16e.xyz

oko.events

fscxb.top

roudtxliberals.vote

asas-br.bond

ourhealthyourlife.shop

fbpd.top

j9u9.xyz

uijiuw.top

aming-chair-37588.bond

uaweiharmony.top

458881233.men

ewancash.boats

mss-rb2.net

472.top

yhomeshop.online

j88.travel

02s-pest-control-us-ze.fun

oinl.club

ouseware.today

1385.net

eviewmadu.top

khizmetlergirisyapzzz2024.net

dcnn.net

aketrtpmvpslot88.info

hoys.club

ealerslot.net

consuyt.xyz

ilw.legal

aithful.events

est-life-insurance-2507.today

rvinsadeli.dev

sx9u.shop

23fd595ig.autos

yrhbt.shop

commerce-74302.bond

lc-driving-school.net

7y1ps.shop

earing-tests-69481.bond

amilablackwell.online

venir-bienne.info

024tengxun396.buzz

ocoani.shop

arage-door-repair-1.today

entista-esp.today

vto.stream

loud-computing-intl-3455364.fyi

9790.club

us-inbox-messages.online

aser-hair-removal-90284.bond

etangkhap99.lol

leaningjobs-cz.today

nline-courses-classes-lv-1.bond

essislotgoal14.xyz

ridges-freezers-56090.bond

Targets

- Target
  
  Payment advice.exe
- Size
  
  1.1MB
- MD5
  
  c4df2419b7cf73964d33c01e106bed42
- SHA1
  
  710da0825122e74b972e2e9b4e42b62a281957a6
- SHA256
  
  54d753e9c1a1f7c5016bcf820b09f7626166de0097478617939ac31995161556
- SHA512
  
  d0c2285e1dbbf649651b669dba6f1503664636df8ebd0d51adbb85d8905f191b5f13a69c95d40a28e1af9a3c2afd580531006a86b2a6d44787203121675f9448
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCxmaKktGRHnGCB3xkaFL:7JZoQrbTFZY1iaCNKfRGCVxH
Score

10^/10

formbook c24t discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookc24tdiscoveryratspywarestealertrojan

behavioral2

formbookc24tdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy