HOPEFUL.exe

General

Target: HOPEFUL.exe
Size: 3MB
Sample: 210113-6f3qb3zqwa
Score: 10/10
MD5: 9c15af175868121cc014666189d52dae
SHA1: 3ba03f47a8762368538e47806353f55da43d46ac
SHA256: 7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a
SHA512: 48fb5c66bda58fa8b76e276e61afc36576cddb9e27a601767e10f2d554c669613249aca6908191cb30a850b8ef207a69bb1a73c1fe25c93e7ef40379a3950a02

Malware Config

Extracted

Family: formbook
C2: http://www.registeredagentfirm.com/jqc/
Decoy domains:

Targets
Signatures

  • Formbook

    Description: Formbook is a data-stealing malware family.

  • Formbook Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1