formbook | e518c029a8b513fd3c2e77c475f8bd19c54c8a15d38198d878c8322a7b491f52 | Triage

Submit
Reports

Overview

overview

Static

static

5

SOA89035673890.exe

windows7-x64

SOA89035673890.exe

windows10-2004-x64

Sharing

General

Target

SOA89035673890.exe
Size

1.1MB
Sample

240927-p7mzzatcnk
MD5

f2a9270835ef7d0db0a287867cb98f6f
SHA1

3d3b9b719b0d4c1040e3b337ecae1f5b8729f5db
SHA256

e518c029a8b513fd3c2e77c475f8bd19c54c8a15d38198d878c8322a7b491f52
SHA512

3b6339a3434693dd9076469ee757805e7e2b78d14c77624a0a4b3b9a65f9b8a275137f5e8638abebfd5da7dbe1592aa7300543905d93a118779ae15f04c80837
SSDEEP

24576:8RmJkcoQricOIQxiZY1iaADPzYJw7P04dA2iGKowNCC:pJZoQrbTFZY1iaADPzpzqhaw8C

Score

10^/10

formbook e62s discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SOA89035673890.exe

Resource

win7-20240708-en

formbook e62s discovery rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

SOA89035673890.exe

Resource

win10v2004-20240802-en

formbook e62s discovery rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

nlinebankingrates.net

3llyb.vip

42du394dr.autos

ahealthcaretrends2.bond

gbox.net

anatanwater.net

amearcade.shop

ighrane.online

01599.xyz

ams.zone

-mart.vip

42bet.xyz

6snf.shop

nitycacao.shop

arageflooringepoxynearme1.today

c7qkaihvsc.top

amingacor.click

airosstudio.tech

iktokonline.pro

homasotooleboxing.net

ashforhouse24.online

1539.app

atangtoto4.click

ndex.autos

atorengineered.tech

angkalantogel.company

ajudepo777.top

jacksontimepiece.net

gstudio-ai.homes

unter-saaaa.buzz

atageneral.sbs

ingston-saaab.buzz

i5t3.christmas

ampanyaak.click

dneshima.today

angbaojia.top

ubuz.net

pp-games-delearglu.xyz

insgw.bond

7f243xb.skin

roliig.top

wdie3162.vip

reechagroup.vip

op-phone-deal.today

orsaperevod.online

Targets

- Target
  
  SOA89035673890.exe
- Size
  
  1.1MB
- MD5
  
  f2a9270835ef7d0db0a287867cb98f6f
- SHA1
  
  3d3b9b719b0d4c1040e3b337ecae1f5b8729f5db
- SHA256
  
  e518c029a8b513fd3c2e77c475f8bd19c54c8a15d38198d878c8322a7b491f52
- SHA512
  
  3b6339a3434693dd9076469ee757805e7e2b78d14c77624a0a4b3b9a65f9b8a275137f5e8638abebfd5da7dbe1592aa7300543905d93a118779ae15f04c80837
- SSDEEP
  
  24576:8RmJkcoQricOIQxiZY1iaADPzYJw7P04dA2iGKowNCC:pJZoQrbTFZY1iaADPzpzqhaw8C
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke62sdiscoveryratspywarestealertrojan

behavioral2

formbooke62sdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy