formbook | d76d2d7dbe76f79829b7f6a5c6a06c3d72177b9db56e80d60e81a58718eda609 | Triage

Submit
Reports

Overview

overview

Static

static

5

Proforma B...df.exe

windows7-x64

Proforma B...df.exe

windows10-2004-x64

Sharing

General

Target

d76d2d7dbe76f79829b7f6a5c6a06c3d72177b9db56e80d60e81a58718eda609
Size

788KB
Sample

241011-bgkj9sscll
MD5

a6c721dc1cc9747533041b19fdf54c9c
SHA1

bf2a4d26ad54baae17e25fc4174a1d223c8a8d75
SHA256

d76d2d7dbe76f79829b7f6a5c6a06c3d72177b9db56e80d60e81a58718eda609
SHA512

a549cd9098f8dbaecf1b9f303d6c0091236dc18f05d51e7759a3c74478d6bb61d6594367be4bfa4c555ea4648a7b2ad1215f3f90f95ab656d554045e4279c840
SSDEEP

12288:25fbSAuPjxMMNnWWpFkSP+mQLvxGLbnebdDsiePwQH4eTKHQhPN2eTvuEY7X+Ixd:2BbK9XvkSSY0dD1a7zTBJN2mvo+2

Score

10^/10

formbook e23y discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Proforma Bonifico2234pdf.exe

Resource

win7-20241010-en

formbook e23y discovery rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Proforma Bonifico2234pdf.exe

Resource

win10v2004-20241007-en

formbook e23y discovery rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e23y

Decoy

stiloeconforto.shop

79nn470gl.autos

ffg.autos

elix-saaac.buzz

tlasbet88win.sbs

inoliga.app

777.fun

avada-ga-3.press

avandakitchen.online

61ep864tr.autos

igitalonlineseva.online

ar-deals-15908.bond

sqqpkv.pro

368i8rnoy.xyz

lxspinsenin.lol

9y204r7eo.sbs

toptalkingaboutit.net

eeplab.xyz

filmyhit.vip

athroom-remodeling-59089.bond

hwqcoiu.xyz

ome-care-76206.bond

tudioalberto.online

anfocusedviews.shop

ibrarygym.online

emosjumpers.net

mg-marketing.online

19bet.xyz

7556r.club

sed-cars-35796.bond

liveiraeletro.online

iangshen56.cloud

aeempreendora.online

bets.net

sychology-degree-69585.bond

est-arthritis-therapy-9711.buzz

zkirv.top

8015.xyz

uwueriudsjkdjnfjkdjnkxzk.vip

etausaha.online

crubber-brush-64789.bond

iversitiendaplus.shop

wrzlak.buzz

b-999.top

ower-bank-za-4886348.world

2361.asia

believehim.net

leeconcerned.info

oland-flight-deal.today

c-marketing.net

wgxb.top

pboardresult.net

nitednationsofindia.net

oupondhakel.shop

elationship-coach-72450.bond

ounjaronaturaloferta.online

wpgs2448.vip

8080734.xyz

mvqimnpwkxcixccaeafmibpiq.top

arpediemwireless.net

eth-paaad.buzz

renvillemarianne.net

tephsmith.info

opinformation.net

reakinggroundtherapy.pro

Targets

- Target
  
  Proforma Bonifico2234pdf.exe
- Size
  
  1.1MB
- MD5
  
  2ef3105704fc97bddbdc8a87d85b9096
- SHA1
  
  b09929488f50c2d65e921f0a146aef34fd3ca391
- SHA256
  
  7458a5e95234e38484be9ebe99b5a0a7cd8cc44ee3afc4513cd6c788ffb44dc6
- SHA512
  
  858dd0d1c4c2107a4ee2f2cd20dcc37ad2df3f5777b36d720e81f404dd8ca3ad6ab5b9a4c1e3d6b7808b89c4deaded68c719c5cdc96c792192fe306130db022c
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLZFxDXgvBT739Wav6+6:f3v+7/5QLp6BT73QD+6
Score

10^/10

formbook e23y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooke23ydiscoveryratspywarestealertrojan

behavioral2

formbooke23ydiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy