formbook | 28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

2881800625...d8.exe

windows7-x64

2881800625...d8.exe

windows10-2004-x64

Sharing

General

Target

28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8.exe
Size

1.6MB
Sample

250123-cpdx5axkez
MD5

df85a6fea907176063e6dc8ad2888bfb
SHA1

450837ad62e143afee717c52264e21d253bd2a74
SHA256

28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8
SHA512

c25297581c5e420ac0f092b481c8a54454addc461b97171a69c81a0dfbeec632323e9f8b7d73ee4097078c3bef3ce766f9dcb2df6c898e44b64b064850300c58
SSDEEP

24576:3tb20pkaCqT5TBWgNQ7aeqyfpzUZS5jx7NXL14W1v+GsIZ6A:0Vg5tQ7aahzUZS571xvD5

Score

10^/10

formbook hwu6 discovery rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8.exe

Resource

win7-20240903-en

formbook hwu6 discovery rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8.exe

Resource

win10v2004-20241007-en

formbook hwu6 discovery rat spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design

6vay.boats

moocatinght.top

hafwje.bond

edmaker.online

simo1simo001.click

vbsdconsultant.click

ux-design-courses-53497.bond

victory88-pay.xyz

suarahati7.xyz

otzen.info

hair-transplantation-65829.bond

gequiltdesins.shop

inefity.cloud

jeeinsight.online

86339.xyz

stairr-lift-find.today

wdgb20.top

91uvq.pro

energyecosystem.app

8e5lr5i9zu.buzz

migraine-treatment-36101.bond

eternityzon.shop

43mjqdyetv.sbs

healthcare-software-74448.bond

bethlark.top

dangdut4dselalu.pro

04506.club

rider.vision

health-insurance-cake.world

apoppynote.com

11817e.com

hiefmotelkeokuk.top

sugatoken.xyz

aragamand.business

alifewithoutlimits.info

vibrantsoul.xyz

olarpanels-outlet.info

ozzd86fih4.online

skbdicat.xyz

cloggedpipes.net

ilsgroup.net

ptcnl.info

backstretch.store

maheshg.xyz

7b5846.online

Targets

- Target
  
  28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8.exe
- Size
  
  1.6MB
- MD5
  
  df85a6fea907176063e6dc8ad2888bfb
- SHA1
  
  450837ad62e143afee717c52264e21d253bd2a74
- SHA256
  
  28818006253d45c3dd643095a63892bf730611b9347b8f3b930be3efffa908d8
- SHA512
  
  c25297581c5e420ac0f092b481c8a54454addc461b97171a69c81a0dfbeec632323e9f8b7d73ee4097078c3bef3ce766f9dcb2df6c898e44b64b064850300c58
- SSDEEP
  
  24576:3tb20pkaCqT5TBWgNQ7aeqyfpzUZS5jx7NXL14W1v+GsIZ6A:0Vg5tQ7aahzUZS571xvD5
Score

10^/10

formbook hwu6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookhwu6discoveryratspywarestealertrojan

behavioral2

formbookhwu6discoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.