HOPEFUL.exe

Target

HOPEFUL.exe

Size

3MB

Sample

210113-6f3qb3zqwa

Score

10 ^/10

MD5

9c15af175868121cc014666189d52dae

SHA1

3ba03f47a8762368538e47806353f55da43d46ac

SHA256

7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a

SHA512

48fb5c66bda58fa8b76e276e61afc36576cddb9e27a601767e10f2d554c669613249aca6908191cb30a850b8ef207a69bb1a73c1fe25c93e7ef40379a3950a02

Extracted

Family	formbook
C2	http://www.registeredagentfirm.com/jqc/ http://www.registeredagentfirm.com/jqc/
Decoy	strahlenschutz.digital soterppe.com wlw-hnlt.com topheadlinetowitness-today.info droriginals.com baculatechie.online definity.finance weddingmustgoon.com ludisenofloral.com kenniscourtureconsignments.com dl888.net singledynamics.com internetmarkaching.com solidconstruct.site ip-freight.com 11sxsx.com incomecontent.com the343radio.com kimberlygoedhart.net dgdoughnuts.net vivethk.com st-reet.com luxusgrotte.com hareland.info fitdramas.com shakahats.com cositasdepachecos.com lhc965.com 5hnjy.com zoommedicaremeetings.com bebywye.site ravenlewis.com avia-sales.xyz screwtaped.com xaustock.com hongreng.xyz lokalised.com neosolutionsllc.com ecandkllc.com sistertravelalliance.com brotherhoodoffathers.com mybestme.store vigilantdis.com sqatzx.com kornteengoods.com miamiwaterworld.com mywillandmylife.com novergi.com eaglesnestpropheticministry.com sterlworldshop.com gabriellagullberg.com toweroflifeinc.com tiendazoom.com dividupe.com szyulics.com theorangepearl.com hotvidzhub.download asacal.com systemedalarmebe.com margosbest.com kathymusic.com quintred.com mad54.art simplification.business strahlenschutz.digital soterppe.com wlw-hnlt.com topheadlinetowitness-today.info droriginals.com baculatechie.online definity.finance weddingmustgoon.com ludisenofloral.com kenniscourtureconsignments.com dl888.net singledynamics.com internetmarkaching.com solidconstruct.site ip-freight.com 11sxsx.com incomecontent.com the343radio.com kimberlygoedhart.net dgdoughnuts.net vivethk.com st-reet.com luxusgrotte.com hareland.info fitdramas.com shakahats.com cositasdepachecos.com lhc965.com 5hnjy.com zoommedicaremeetings.com bebywye.site ravenlewis.com avia-sales.xyz screwtaped.com xaustock.com hongreng.xyz lokalised.com neosolutionsllc.com ecandkllc.com sistertravelalliance.com brotherhoodoffathers.com mybestme.store vigilantdis.com sqatzx.com kornteengoods.com miamiwaterworld.com mywillandmylife.com novergi.com eaglesnestpropheticministry.com sterlworldshop.com gabriellagullberg.com toweroflifeinc.com tiendazoom.com dividupe.com szyulics.com theorangepearl.com hotvidzhub.download asacal.com systemedalarmebe.com margosbest.com kathymusic.com quintred.com mad54.art simplification.business

Target

HOPEFUL.exe

MD5

9c15af175868121cc014666189d52dae

Filesize

3MB

Score

10 ^/10

SHA1

3ba03f47a8762368538e47806353f55da43d46ac

SHA256

7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a

SHA512

48fb5c66bda58fa8b76e276e61afc36576cddb9e27a601767e10f2d554c669613249aca6908191cb30a850b8ef207a69bb1a73c1fe25c93e7ef40379a3950a02

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2