formbook

General

Target

619d2ba58ece0c805f96956f511f5155
Size

335KB
Sample

211223-m85kashfc8
MD5

619d2ba58ece0c805f96956f511f5155
SHA1

30441c1e27728e326e16627e64fc63abc49b05c1
SHA256

4fd44b1855341a3f6f31e08e4ad288747ecb8e5b8637b95fff99aa689de07446
SHA512

af7da2064473c6b277dcf833ad1de09c3fdc89fc1de2a94b987e7f95186cc0e058fc1c22875f821829e180c89e252cafcda6bc463fd15c8d01663434921943e3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4d0

Decoy

onlinefinejewelry.com

samstringermusic.com

beam-lettings.info

optimumcoin.xyz

fasa.xyz

creativedime.com

eihncuz.online

griffin2008.top

europcarlive.com

jxhcar.com

museumsshop.international

bonolaboral-lnterbank.com

kelebandis.xyz

hiddenlakeranch.net

carelessyouth.com

jfkilfoil.store

potok-it-ua.site

magdulemediation.com

shakadal.xyz

coastconstructionfl.com

Targets

- Target
  
  619d2ba58ece0c805f96956f511f5155
- Size
  
  335KB
- MD5
  
  619d2ba58ece0c805f96956f511f5155
- SHA1
  
  30441c1e27728e326e16627e64fc63abc49b05c1
- SHA256
  
  4fd44b1855341a3f6f31e08e4ad288747ecb8e5b8637b95fff99aa689de07446
- SHA512
  
  af7da2064473c6b277dcf833ad1de09c3fdc89fc1de2a94b987e7f95186cc0e058fc1c22875f821829e180c89e252cafcda6bc463fd15c8d01663434921943e3
Score

10^/10

formbook h4d0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2