formbook | 646caffd61afaeca0fa3cb9c7af7f772d2a4c265bb955274771bc6299285496a | Triage

Submit
Reports

Overview

overview

Static

static

5

New Order ...24.exe

windows7-x64

New Order ...24.exe

windows10-2004-x64

Sharing

General

Target

New Order #60-23095840024.zip
Size

833KB
Sample

240930-kfvtaavgkj
MD5

561fa366def6dde2d9a1c871abb3b769
SHA1

87b564bdc180a875d8f2f04e0674518e3106cc31
SHA256

646caffd61afaeca0fa3cb9c7af7f772d2a4c265bb955274771bc6299285496a
SHA512

8a88b096d487bf9da9e24ce99c96cd09ec17d391a04f34f370be90f4cfd50e4d80e841eac9e79b9fd3a2472530df971164990890aa4e59a82d2d5ed222f9cd97
SSDEEP

24576:/Y6HEiGC9DIT27p8yUdZSTOqITZMpc8jmFqYBn/p9HI:/Y6PG4DIzu3IV8KFfBnh9HI

Score

10^/10

formbook e62s discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

New Order #60-23095840024.exe

Resource

win7-20240903-en

formbook e62s discovery rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order #60-23095840024.exe

Resource

win10v2004-20240802-en

formbook e62s discovery rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

nlinebankingrates.net

3llyb.vip

42du394dr.autos

ahealthcaretrends2.bond

gbox.net

anatanwater.net

amearcade.shop

ighrane.online

01599.xyz

ams.zone

-mart.vip

42bet.xyz

6snf.shop

nitycacao.shop

arageflooringepoxynearme1.today

c7qkaihvsc.top

amingacor.click

airosstudio.tech

iktokonline.pro

homasotooleboxing.net

ashforhouse24.online

1539.app

atangtoto4.click

ndex.autos

atorengineered.tech

angkalantogel.company

ajudepo777.top

jacksontimepiece.net

gstudio-ai.homes

unter-saaaa.buzz

atageneral.sbs

ingston-saaab.buzz

i5t3.christmas

ampanyaak.click

dneshima.today

angbaojia.top

ubuz.net

pp-games-delearglu.xyz

insgw.bond

7f243xb.skin

roliig.top

wdie3162.vip

reechagroup.vip

op-phone-deal.today

orsaperevod.online

Targets

- Target
  
  New Order #60-23095840024.exe
- Size
  
  1.1MB
- MD5
  
  64dbde73e410165a5e6566ed2b2282b6
- SHA1
  
  7635298f794a9c7a68ac7675ca33574a765b8fb7
- SHA256
  
  4d7b9bb02299bcc46d95f2df772d152d3ebb8445c04e6255040c61fb5ea46312
- SHA512
  
  2bb58b47caca2be94fa934b34f6e0630a4281dc63ef908a11155a3986cfdd1316bc6ee93fe41e4486b2e2bc5153c8175b990653c9ef59de81af8ada7222d4b46
- SSDEEP
  
  24576:KfmMv6Ckr7Mny5Qtz8SC9Z0TKqIrZopc8jiFiYpn/N9H0:K3v+7/5QtUYLIF8uFHpn19H0
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke62sdiscoveryratspywarestealertrojan

behavioral2

formbooke62sdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy