formbook | 1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015 | Triage

Submit
Reports

Overview

overview

Static

static

5

1c8de42bff...15.exe

windows7-x64

1c8de42bff...15.exe

windows10-2004-x64

Sharing

General

Target

1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015.exe
Size

1.2MB
Sample

241025-blx16azhpd
MD5

5513c53ff0ac4a880b5a35ceb8b7cb1c
SHA1

7bc81330e32d49af2689f81152d2cd696c99c6be
SHA256

1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015
SHA512

f40b441c78ef38bfcf051c3626cf98055d5e5dca9c3fd56dd5b441411dbdefac74d63627233fb1965a3fab4e1a30773f60fbf16eaf83b1a71afe7ed6cb0b9c39
SSDEEP

12288:LLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QHCVvs1IyOft2m2L9ajYhHti8LIva8xi:/fmMv6Ckr7Mny5QHkzzcm2L9NJIvRbsT

Score

10^/10

formbook f29s discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015.exe

Resource

win7-20240708-en

formbook f29s discovery rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015.exe

Resource

win10v2004-20241007-en

formbook f29s discovery rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f29s

Decoy

rostnixon.net

exxxwordz.xyz

ndradesanches.shop

eneral-vceef.xyz

isanbowl.top

aresrasherregard.cfd

dzas-yeah.xyz

0083.miami

hongziyin01.top

jdhfmq.live

alembottling.net

vtyo-phone.xyz

kaqb-decade.xyz

odel-lsmfz.xyz

aradise.tech

uan123-rtp43.xyz

pusptracking.xyz

uqhi42.xyz

mihy-professor.xyz

mnz-your.xyz

iscussion-tjard.xyz

peak-ajau.xyz

ixedcontainerlogistics.today

ranxxletzz.xyz

ccloudserve.xyz

haloryner.website

ro-arenamega.pro

tjcb-wait.xyz

lywjv-issue.xyz

rta-away.xyz

ay888.website

asderkadinkollari.net

specially-smou.xyz

ound-qlhmm.xyz

nit-dreeu.xyz

ea-obgocc.xyz

rostavive-org.xyz

zpp-at.xyz

duxrib.xyz

uohz.net

etsgroove.app

awqs-wonder.xyz

acaxtecameralcarers.cfd

idstream.xyz

umayunileusesingests.shop

avada-cash-out.tech

byataltatweer.net

omething-nvho.xyz

yntomist.pics

aomei517.top

how-ydhtlu.xyz

ise-bjnh.xyz

ovt-jobs-lisitings00810.today

mmgiare.xyz

plqz-move.xyz

onheronummaryorkney.cfd

oqo-over.xyz

aee.pro

as-nhynby.xyz

dnaqm-walk.xyz

aranvickersvirilia.cfd

wqvn-environment.xyz

attern-equd.xyz

ivinetranquilityjourney.pics

kimosskrupulslacker.cfd

Targets

- Target
  
  1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015.exe
- Size
  
  1.2MB
- MD5
  
  5513c53ff0ac4a880b5a35ceb8b7cb1c
- SHA1
  
  7bc81330e32d49af2689f81152d2cd696c99c6be
- SHA256
  
  1c8de42bff76a20cdaee2bed7629f8f0dfcf4ab5c7b5ee637d147f6f45311015
- SHA512
  
  f40b441c78ef38bfcf051c3626cf98055d5e5dca9c3fd56dd5b441411dbdefac74d63627233fb1965a3fab4e1a30773f60fbf16eaf83b1a71afe7ed6cb0b9c39
- SSDEEP
  
  12288:LLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QHCVvs1IyOft2m2L9ajYhHti8LIva8xi:/fmMv6Ckr7Mny5QHkzzcm2L9NJIvRbsT
Score

10^/10

formbook f29s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookf29sdiscoveryratspywarestealertrojan

behavioral2

formbookf29sdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy