formbook | 1d62ae45c62db87a620725b6ece3a6c5c32495a37a06038634002ff16e5365f3 | Triage

Sharing

General

Target

1d62ae45c62db87a620725b6ece3a6c5c32495a37a06038634002ff16e5365f3
Size

463KB
Sample

211216-lnchcacebn
MD5

4b61202928df12bf9fd1aa7ae12cc743
SHA1

83427d18ce784aa66b509fe9871d6c364558fe48
SHA256

1d62ae45c62db87a620725b6ece3a6c5c32495a37a06038634002ff16e5365f3
SHA512

d4724104ca4f5e5bf66c95b80a52a706050567ec787bad2f0a18ba7430ad6c08d42e7a83f305195a810eb2c9e8658e3b6f6394c5b7b55ac2d67380871487c419

Score

10^/10

formbook h4d0 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4d0

Decoy

onlinefinejewelry.com

samstringermusic.com

beam-lettings.info

optimumcoin.xyz

fasa.xyz

creativedime.com

eihncuz.online

griffin2008.top

europcarlive.com

jxhcar.com

museumsshop.international

bonolaboral-lnterbank.com

kelebandis.xyz

hiddenlakeranch.net

carelessyouth.com

jfkilfoil.store

potok-it-ua.site

magdulemediation.com

shakadal.xyz

coastconstructionfl.com

Targets

- Target
  
  1d62ae45c62db87a620725b6ece3a6c5c32495a37a06038634002ff16e5365f3
- Size
  
  463KB
- MD5
  
  4b61202928df12bf9fd1aa7ae12cc743
- SHA1
  
  83427d18ce784aa66b509fe9871d6c364558fe48
- SHA256
  
  1d62ae45c62db87a620725b6ece3a6c5c32495a37a06038634002ff16e5365f3
- SHA512
  
  d4724104ca4f5e5bf66c95b80a52a706050567ec787bad2f0a18ba7430ad6c08d42e7a83f305195a810eb2c9e8658e3b6f6394c5b7b55ac2d67380871487c419
Score

10^/10

formbook h4d0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookh4d0ratspywarestealertrojan