formbook | c6d0861ae7de13673ba678e5460d94433a6a873d461015070cc95fe174015991 | Triage

Sharing

General

Target

c6d0861ae7de13673ba678e5460d94433a6a873d461015070cc95fe174015991
Size

298KB
Sample

220119-w2hlmaccf4
MD5

b0fd06d3d98801c819d319e2238b4759
SHA1

f6b1491a483af1a0aad7dbdcec83580d6bb90023
SHA256

c6d0861ae7de13673ba678e5460d94433a6a873d461015070cc95fe174015991
SHA512

8546bbe82af1543de2b688838e728396821f2c989e0417aedae6d6fce5374c5df5b5c9a00e6a214e7d9bb40d7c8cb6c05b0d52e631e6d6535037bb8e5fad0395

Score

10^/10

formbook h4d0 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4d0

Decoy

onlinefinejewelry.com

samstringermusic.com

beam-lettings.info

optimumcoin.xyz

fasa.xyz

creativedime.com

eihncuz.online

griffin2008.top

europcarlive.com

jxhcar.com

museumsshop.international

bonolaboral-lnterbank.com

kelebandis.xyz

hiddenlakeranch.net

carelessyouth.com

jfkilfoil.store

potok-it-ua.site

magdulemediation.com

shakadal.xyz

coastconstructionfl.com

Targets

- Target
  
  c6d0861ae7de13673ba678e5460d94433a6a873d461015070cc95fe174015991
- Size
  
  298KB
- MD5
  
  b0fd06d3d98801c819d319e2238b4759
- SHA1
  
  f6b1491a483af1a0aad7dbdcec83580d6bb90023
- SHA256
  
  c6d0861ae7de13673ba678e5460d94433a6a873d461015070cc95fe174015991
- SHA512
  
  8546bbe82af1543de2b688838e728396821f2c989e0417aedae6d6fce5374c5df5b5c9a00e6a214e7d9bb40d7c8cb6c05b0d52e631e6d6535037bb8e5fad0395
Score

10^/10

formbook h4d0 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookh4d0ratspywarestealertrojan