formbook | f6ec336ad7902fc73ca6256fc549d449e8a59daec2ece6053f68cdca3fc09011 | Triage

Sharing

General

Target

f6ec336ad7902fc73ca6256fc549d449e8a59daec2ece6053f68cdca3fc09011
Size

271KB
Sample

211210-mphleshedl
MD5

7b36ace1c180faa31de8b7390b166f7b
SHA1

dbec78f06cacd2fb4083b2fc4280aecc5128953f
SHA256

f6ec336ad7902fc73ca6256fc549d449e8a59daec2ece6053f68cdca3fc09011
SHA512

b3a7c4f92f8fa56cd61e9f8a3dd19c7bae2af505bda4d74f778ce7e1e8d452b708dc6a98e43dc726ea54d2a8275e6fae69228dbf74d6e03312958e06bee35dc9

Score

10^/10

formbook h4d0 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4d0

C2

http://www.voxelsoxx.xyz/h4d0/

Decoy

onlinefinejewelry.com

samstringermusic.com

beam-lettings.info

optimumcoin.xyz

fasa.xyz

creativedime.com

eihncuz.online

griffin2008.top

europcarlive.com

jxhcar.com

museumsshop.international

bonolaboral-lnterbank.com

kelebandis.xyz

hiddenlakeranch.net

carelessyouth.com

jfkilfoil.store

potok-it-ua.site

magdulemediation.com

shakadal.xyz

coastconstructionfl.com

Targets

- Target
  
  f6ec336ad7902fc73ca6256fc549d449e8a59daec2ece6053f68cdca3fc09011
- Size
  
  271KB
- MD5
  
  7b36ace1c180faa31de8b7390b166f7b
- SHA1
  
  dbec78f06cacd2fb4083b2fc4280aecc5128953f
- SHA256
  
  f6ec336ad7902fc73ca6256fc549d449e8a59daec2ece6053f68cdca3fc09011
- SHA512
  
  b3a7c4f92f8fa56cd61e9f8a3dd19c7bae2af505bda4d74f778ce7e1e8d452b708dc6a98e43dc726ea54d2a8275e6fae69228dbf74d6e03312958e06bee35dc9
Score

10^/10

formbook h4d0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookh4d0ratspywarestealertrojan