formbook | 898046056f632515a0b36b5fd0e5ecb855ed2c4d307f4bf7512f7ea9f0f98f84 | Triage

Sharing

General

Target

898046056f632515a0b36b5fd0e5ecb855ed2c4d307f4bf7512f7ea9f0f98f84
Size

162KB
Sample

220110-ww4a5sehdp
MD5

5b623a4d1adbc236c1c11fe8e9630188
SHA1

d1c20b9af0ecead4206041364c1fd94dd618330f
SHA256

898046056f632515a0b36b5fd0e5ecb855ed2c4d307f4bf7512f7ea9f0f98f84
SHA512

c7bc068e74f9ce89b68b6ebf2e466502a99eecbefb680d56986a4275e987379083ef5ee6e870c94d86b11ec11ab85e70a159580f20536893b3eef7a55b2cb925

Score

10^/10

formbook oh75 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

honeyglowpro2.com

tharrisondotblog.com

pandareadyhosting707.xyz

getitnow-superdeals.com

s6rtkh.xyz

clearwatermind.com

njjiaxincs.com

cwatereg.com

jmhifctds.xyz

getmybusinesscredit.com

695w12tg.xyz

thefeatur.com

sieuvoucher.com

biggamepick6.com

vezhe.com

7fy5.info

promiskuitives-leben.com

haghverdi.xyz

cothamnhung.com

shanghaitimeout.com

Targets

- Target
  
  898046056f632515a0b36b5fd0e5ecb855ed2c4d307f4bf7512f7ea9f0f98f84
- Size
  
  162KB
- MD5
  
  5b623a4d1adbc236c1c11fe8e9630188
- SHA1
  
  d1c20b9af0ecead4206041364c1fd94dd618330f
- SHA256
  
  898046056f632515a0b36b5fd0e5ecb855ed2c4d307f4bf7512f7ea9f0f98f84
- SHA512
  
  c7bc068e74f9ce89b68b6ebf2e466502a99eecbefb680d56986a4275e987379083ef5ee6e870c94d86b11ec11ab85e70a159580f20536893b3eef7a55b2cb925
Score

10^/10

formbook oh75 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookoh75ratspywarestealertrojan