formbook | ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f | Triage

Submit
Reports

Overview

overview

Static

static

5

Signed Contract.exe

windows7-x64

Signed Contract.exe

windows10-2004-x64

Sharing

General

Target

Signed Contract.exe
Size

1.1MB
Sample

240923-q74s6a1fng
MD5

9cff570bbd99193ba8618ba6c5491a13
SHA1

3848185fe5c08b05b27fbfa65cfadbf3096e908d
SHA256

ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f
SHA512

191376aa71d6119d270a13692e8eadd06a492bc6777313fcc7bc27ebdc3244e902703bd8b206c3bfddf353131e1c2c9b7014e346649d1eb691d426d13764b34b
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaC+BJ8a3qVH/by3Q4w0jgo:7JZoQrbTFZY1iaC+wakmnw0X

Score

10^/10

formbook c89p discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Signed Contract.exe

Resource

win7-20240903-en

formbook c89p discovery rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Signed Contract.exe

Resource

win10v2004-20240802-en

formbook c89p discovery rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

olar-systems-panels-61747.bond

hinawinner.top

oldensky10.xyz

oginsuperking777.click

oviepicker.net

partment-rental05.online

ldkp.net

sofaerb.shop

ydh5.beauty

aston-saaaa.buzz

acuum-cleaner-84018.bond

usiness-printer-37559.bond

dindadisini12.click

j7zd12m.xyz

plesacv.xyz

trustcapital247.online

asapembuatanpatung.online

ent-all.xyz

r64mh1.vip

aser-cap-hair-growth.today

amattva.company

herightfits.top

uickautoquote.net

ctu36ojboz6w2cl.asia

oursmile.vip

astysavor.website

iam-saaab.buzz

igmoto.info

itchellcohen.net

un-sea.fun

steticavonixx.shop

arklife.shop

bsboffchatrussummsa.online

iuxing.asia

okenexchange.art

llhealthreview.online

refabricated-homes-53685.bond

atercraze.net

osmits.net

rail.cruises

utanginamo.sbs

hapanda.fun

arehouse-inventory-29693.bond

innivip.bio

aycare-service-99683.bond

Targets

- Target
  
  Signed Contract.exe
- Size
  
  1.1MB
- MD5
  
  9cff570bbd99193ba8618ba6c5491a13
- SHA1
  
  3848185fe5c08b05b27fbfa65cfadbf3096e908d
- SHA256
  
  ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f
- SHA512
  
  191376aa71d6119d270a13692e8eadd06a492bc6777313fcc7bc27ebdc3244e902703bd8b206c3bfddf353131e1c2c9b7014e346649d1eb691d426d13764b34b
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaC+BJ8a3qVH/by3Q4w0jgo:7JZoQrbTFZY1iaC+wakmnw0X
Score

10^/10

formbook c89p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookc89pdiscoveryratspywarestealertrojan

behavioral2

formbookc89pdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy