formbook | 86d8d6d1a90c7511163ba9c3977035bbba1f834363d1baa93df28ed2ac45ce5b | Triage

Submit
Reports

Overview

overview

Static

static

3

jets4431.exe

windows7-x64

jets4431.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_86d8d6d1a90c7511163ba9c3977035bbba1f834363d1baa93df28ed2ac45ce5b
Size

984KB
Sample

241230-exc2xaxqdx
MD5

3ada1aabb74f39f00aa37a2823c3c75c
SHA1

2c685f88d58e3976e27c3dfcb1c1ae0c3ae59127
SHA256

86d8d6d1a90c7511163ba9c3977035bbba1f834363d1baa93df28ed2ac45ce5b
SHA512

d618287354c9a208c41f7ffd75264ee1a3852735cea0604c755e4968db43de82396b96402a40b5fcef00e0aea0f713cec1e5a6daa8a86da1c68697087e0f30e2
SSDEEP

24576:gYFssuZdRh4QkMMk1WVXlKojo1z3pQeU+vfuU4c:vFUdr435kIVXcbxZQY23c

Score

10^/10

formbook je14 discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jets4431.exe

Resource

win7-20241010-en

formbook je14 discovery rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

jets4431.exe

Resource

win10v2004-20241007-en

formbook je14 discovery rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

your-download.com

klindt.one

sellerscourt.com

francoislambert.store

smokedoutvapes.co.uk

rundacg.com

flavors-and-spices-lyon.com

qifengsuo.com

sunnyislesgardens.com

tunneldutransit.com

restorecodes.website

blast4me.com

bingser.space

co-gpco.com

emporioaliwen.com

mr5g.com

abcp666.com

consulvip.net

sagaming168.info

zjpbhsuz.top

socal-labworx.com

arethaglennevents.com

rafiqsiregar.com

esgh2.com

veirdmusic.com

abzcc.xyz

8065yp.com

dronebazar.com

duetpbr.com

apartamentoslaencantada.com

digigold.info

homedecorsuppliers.com

duenorthrm.com

xmmdsy.com

ddstennessee.com

marmeluz.com

ragnallhess.com

methinelli.com

randomlymetheseer.com

magicgrowthproducts.com

shreejistudio.com

mattress-37684.com

yellyfishfilms.com

www1111cpw.com

tigermedlagroup.com

Targets

- Target
  
  jets4431.exe
- Size
  
  1.1MB
- MD5
  
  71415d61dd3a653e017514280a4e05c4
- SHA1
  
  89bed5f613401c5816f3b22816f84d5f8067db3b
- SHA256
  
  3ab1cc60bd5dca00fc6cad5cf3c0a7cccea610b20027c9db6b45f0b41860fba5
- SHA512
  
  971407b4327c3a9fe1ff76f0ec84874522865ae08f338ec0985a1ef78066a59412d323a4a2731d33dec129c89355b7aa95fe36f4425db8ad6ea1151f5b9c2098
- SSDEEP
  
  24576:UAOcZXcxP61ptWw+avL8pnp3qY7daGAuvZG31RMaas/xmR:CH+tWw+S8D3r70QA3XM9n
Score

10^/10

formbook je14 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookje14discoveryratspywarestealertrojan

behavioral2

formbookje14discoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy