formbook

General

Target

ffd0eebbad68d358abbed65a378e6e9e
Size

423KB
Sample

211216-lkb3eabgb3
MD5

ffd0eebbad68d358abbed65a378e6e9e
SHA1

769159c6e1a5400304839759257018d373c5c507
SHA256

fedf55446e010cc987ff0313ac685c616e4a01f30a6cc807b3b95fb859714f8b
SHA512

350fbf14b20d21b401f78c3b0c1b9f940a6e5221b59317a7f9f268e96327691891428b78367abd549b64eef027aec181d5aec75c381d9fb383cb3512b186a0e5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4d0

Decoy

onlinefinejewelry.com

samstringermusic.com

beam-lettings.info

optimumcoin.xyz

fasa.xyz

creativedime.com

eihncuz.online

griffin2008.top

europcarlive.com

jxhcar.com

museumsshop.international

bonolaboral-lnterbank.com

kelebandis.xyz

hiddenlakeranch.net

carelessyouth.com

jfkilfoil.store

potok-it-ua.site

magdulemediation.com

shakadal.xyz

coastconstructionfl.com

Targets

- Target
  
  ffd0eebbad68d358abbed65a378e6e9e
- Size
  
  423KB
- MD5
  
  ffd0eebbad68d358abbed65a378e6e9e
- SHA1
  
  769159c6e1a5400304839759257018d373c5c507
- SHA256
  
  fedf55446e010cc987ff0313ac685c616e4a01f30a6cc807b3b95fb859714f8b
- SHA512
  
  350fbf14b20d21b401f78c3b0c1b9f940a6e5221b59317a7f9f268e96327691891428b78367abd549b64eef027aec181d5aec75c381d9fb383cb3512b186a0e5
Score

10^/10

formbook h4d0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2