formbook | 13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

13441db4f2...8.xlsx

windows7-x64

13441db4f2...8.xlsx

windows10-2004-x64

1

Sharing

General

Target

13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
Size

1.3MB
Sample

250109-zyzbra1mez
MD5

0d5d79a8b715e13a26e6579f1d47c0d7
SHA1

408402dcc517ab7be7957ff867b7464cc1465334
SHA256

13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
SHA512

d2642be20a3f7114ee1caec6253caebdb213709590ba14051391eb72f0f10018fa634db5ff735a88e9ff2aefdf5af208bd3cadb5b2dec070bee8bbd7decded05
SSDEEP

24576:KngpIDsJ34JbFQ4YBolrs08Qt/horbWgMhSpA6+jzfievtzAQSX1:KnYmscQ4goBsmYBMkuNjm4tuX1

Score

10^/10

formbook hwu6 discovery rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618.xlsx

Resource

win7-20240903-en

formbook hwu6 discovery rat spyware stealer trojan

windows7-x64

20 signatures

60 seconds

Behavioral task

behavioral2

Sample

13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618.xlsx

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

60 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design

6vay.boats

moocatinght.top

hafwje.bond

edmaker.online

simo1simo001.click

vbsdconsultant.click

ux-design-courses-53497.bond

victory88-pay.xyz

suarahati7.xyz

otzen.info

hair-transplantation-65829.bond

gequiltdesins.shop

inefity.cloud

jeeinsight.online

86339.xyz

stairr-lift-find.today

wdgb20.top

91uvq.pro

energyecosystem.app

8e5lr5i9zu.buzz

migraine-treatment-36101.bond

eternityzon.shop

43mjqdyetv.sbs

healthcare-software-74448.bond

bethlark.top

dangdut4dselalu.pro

04506.club

rider.vision

health-insurance-cake.world

apoppynote.com

11817e.com

hiefmotelkeokuk.top

sugatoken.xyz

aragamand.business

alifewithoutlimits.info

vibrantsoul.xyz

olarpanels-outlet.info

ozzd86fih4.online

skbdicat.xyz

cloggedpipes.net

ilsgroup.net

ptcnl.info

backstretch.store

maheshg.xyz

7b5846.online

Targets

- Target
  
  13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
- Size
  
  1.3MB
- MD5
  
  0d5d79a8b715e13a26e6579f1d47c0d7
- SHA1
  
  408402dcc517ab7be7957ff867b7464cc1465334
- SHA256
  
  13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
- SHA512
  
  d2642be20a3f7114ee1caec6253caebdb213709590ba14051391eb72f0f10018fa634db5ff735a88e9ff2aefdf5af208bd3cadb5b2dec070bee8bbd7decded05
- SSDEEP
  
  24576:KngpIDsJ34JbFQ4YBolrs08Qt/horbWgMhSpA6+jzfievtzAQSX1:KnYmscQ4goBsmYBMkuNjm4tuX1
Score

10^/10

formbook hwu6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhwu6discoveryratspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy