formbook | f7d92bdb9870269bf1d06047d8dc41b287727612f0de238efbd59ef4767c7b03 | Triage

Sharing

General

Target

f7d92bdb9870269bf1d06047d8dc41b287727612f0de238efbd59ef4767c7b03
Size

247KB
Sample

220126-xy2qrshfa3
MD5

fe00496b835373cc1e2bedaa5cd44dba
SHA1

226e116819b8f70e7972aff8bb69126af3b88020
SHA256

f7d92bdb9870269bf1d06047d8dc41b287727612f0de238efbd59ef4767c7b03
SHA512

3acc02b0b6c73516d8964cf5023838ebc8502e10b89a655c30867bee8fed270a2845c459e2f89898ddefda51df9b92d2bd8b8522fc2dfea059f1e6180cf84b1e

Score

10^/10

formbook s11y rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s11y

Decoy

thae.xyz

jeffreyoboite.com

waitforittshirts.com

rattledance.xyz

jq-pt.com

aolcomsignin.com

thekingschronicle.com

nftbrasil.tech

liruixiao.com

monkeyrollsltd.com

yhyh3456.com

ultrakid.tech

projectsbespoke.com

ticketsdao.com

himalayanspirit.com

hfurniture.xyz

dxalxbkl.com

pick-finder.com

pnmslinhyxsdf7.xyz

rensolv.xyz

Targets

- Target
  
  f7d92bdb9870269bf1d06047d8dc41b287727612f0de238efbd59ef4767c7b03
- Size
  
  247KB
- MD5
  
  fe00496b835373cc1e2bedaa5cd44dba
- SHA1
  
  226e116819b8f70e7972aff8bb69126af3b88020
- SHA256
  
  f7d92bdb9870269bf1d06047d8dc41b287727612f0de238efbd59ef4767c7b03
- SHA512
  
  3acc02b0b6c73516d8964cf5023838ebc8502e10b89a655c30867bee8fed270a2845c459e2f89898ddefda51df9b92d2bd8b8522fc2dfea059f1e6180cf84b1e
Score

10^/10

formbook s11y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooks11yratspywarestealertrojan