formbook | 60e330b0b9a0c646e12263ca295c87025fb54b06487fd5320cc725f921f1a635 | Triage

Submit
Reports

Overview

overview

Static

static

5

RFQ QUG24-...20.exe

windows7-x64

RFQ QUG24-...20.exe

windows10-2004-x64

Sharing

General

Target

RFQ QUG24-20037005420051820.exe
Size

1.0MB
Sample

241010-tjx79azaqj
MD5

524d2e22f0545ea6235f7bff426100f7
SHA1

11f6b999c31e8096212390c8d19dcee5ee0baf8f
SHA256

60e330b0b9a0c646e12263ca295c87025fb54b06487fd5320cc725f921f1a635
SHA512

a2e5fdf606fdf0a05d3855631411cec2cc28d0007f9103862dc7cdb18ac5b6afad7794df6e6cfe306bf90a550a426152da47b9bf76c1952fba008b90e7f1e639
SSDEEP

24576:ffmMv6Ckr7Mny5QL5kaQGlC/U2xAmI4pKrm:f3v+7/5QL5kqCc2xdurm

Score

10^/10

formbook e62s discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RFQ QUG24-20037005420051820.exe

Resource

win7-20240903-en

formbook e62s discovery rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ QUG24-20037005420051820.exe

Resource

win10v2004-20241007-en

formbook e62s discovery rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

nlinebankingrates.net

3llyb.vip

42du394dr.autos

ahealthcaretrends2.bond

gbox.net

anatanwater.net

amearcade.shop

ighrane.online

01599.xyz

ams.zone

-mart.vip

42bet.xyz

6snf.shop

nitycacao.shop

arageflooringepoxynearme1.today

c7qkaihvsc.top

amingacor.click

airosstudio.tech

iktokonline.pro

homasotooleboxing.net

ashforhouse24.online

1539.app

atangtoto4.click

ndex.autos

atorengineered.tech

angkalantogel.company

ajudepo777.top

jacksontimepiece.net

gstudio-ai.homes

unter-saaaa.buzz

atageneral.sbs

ingston-saaab.buzz

i5t3.christmas

ampanyaak.click

dneshima.today

angbaojia.top

ubuz.net

pp-games-delearglu.xyz

insgw.bond

7f243xb.skin

roliig.top

wdie3162.vip

reechagroup.vip

op-phone-deal.today

orsaperevod.online

Targets

- Target
  
  RFQ QUG24-20037005420051820.exe
- Size
  
  1.0MB
- MD5
  
  524d2e22f0545ea6235f7bff426100f7
- SHA1
  
  11f6b999c31e8096212390c8d19dcee5ee0baf8f
- SHA256
  
  60e330b0b9a0c646e12263ca295c87025fb54b06487fd5320cc725f921f1a635
- SHA512
  
  a2e5fdf606fdf0a05d3855631411cec2cc28d0007f9103862dc7cdb18ac5b6afad7794df6e6cfe306bf90a550a426152da47b9bf76c1952fba008b90e7f1e639
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QL5kaQGlC/U2xAmI4pKrm:f3v+7/5QL5kqCc2xdurm
Score

10^/10

formbook e62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke62sdiscoveryratspywarestealertrojan

behavioral2

formbooke62sdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy