formbook

General

Target

630b47cd56e437134b084f0861510bffe467872d9a3ab16d64676cf076d1c0f5
Size

576KB
Sample

220521-n7llgaegc9
MD5

93e0fc8fff18e6a2e9977a3cca1fa9ee
SHA1

515b799543cd80a60b9d145ba0430468de59bcca
SHA256

630b47cd56e437134b084f0861510bffe467872d9a3ab16d64676cf076d1c0f5
SHA512

5eb318ff5169de38117e71dbdd32811901c07b0a677fc8a6de96893feb70305b48bc6902f596b61dd794f61a4959f1eb31e329f39d1b76189a528f099ebf3289

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hkn

Decoy

nickherbal.info

desenlicoraplar.com

logo8023.com

gta5.ltd

surgicalmind.com

sigmanautomotive.com

theophileblog.com

wallaborate.com

ottawatotalfootcare.com

theusacoupons.com

lagharha.com

393351u.info

letthemeatcakeny.com

imgoingtohellgame.com

lovedovesbeauty.com

cheapsalenow.com

prodigynebula.win

suzhoucheckmate.com

splashautopark.com

lieflokken.com

Targets

- Target
  
  RV OFFER REF 571 - REF. INQUIRY NP17836.exe
- Size
  
  723KB
- MD5
  
  b659d359a6fafaf7954c78199552852e
- SHA1
  
  027ce3b08fe9c0c47114d6711fb26551eba96a72
- SHA256
  
  1f7f6ca2d7c0431e07e974158a6e23129fdc19994f687be71daa68aa82b4510a
- SHA512
  
  6699fc5fa65b322edb6ea59062b36deb2a33e481c608a49503c24d3479d7a1feed07ddcefdd9987e9943b5999125148c9330a1717db4f1e10a7377d4a6ef5689
Score

10^/10

formbook hkn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2