formbook

General

Target

4a11341c29c890e791758277f1f3de80a69246fab76aec526680b9075ad6ee94
Size

272KB
Sample

220712-r29b5ahbe9
MD5

a746979db57e815f500128d266546e66
SHA1

5eb6615875b85e4cb8227bd6fd9542f3c826ceb6
SHA256

4a11341c29c890e791758277f1f3de80a69246fab76aec526680b9075ad6ee94
SHA512

d6b36a19e7cf2e7a28f9649149fc63cf487c4b511b4151c02fa2d01d03b8fb47923b232c22f4eac3e42151bec34e49db24d0fcca11b1fd2d25c4be485692be53

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ch73

Decoy

cti-id.net

thewholesomewhore.info

cnhuin.com

heartfueled.life

honeyberryapiary.com

hmolettingsmaidstone.com

cashzingo.com

seltaebs.net

avanti.media

pennyarcadsettlement.com

chatchat3.com

iamtheweekender.com

marniecolette.net

yedaoxing.com

lincout.com

deevonne.com

aliyougou.com

wholistichealthawakening.com

signal.solar

111972.info

Targets

- Target
  
  4a11341c29c890e791758277f1f3de80a69246fab76aec526680b9075ad6ee94
- Size
  
  272KB
- MD5
  
  a746979db57e815f500128d266546e66
- SHA1
  
  5eb6615875b85e4cb8227bd6fd9542f3c826ceb6
- SHA256
  
  4a11341c29c890e791758277f1f3de80a69246fab76aec526680b9075ad6ee94
- SHA512
  
  d6b36a19e7cf2e7a28f9649149fc63cf487c4b511b4151c02fa2d01d03b8fb47923b232c22f4eac3e42151bec34e49db24d0fcca11b1fd2d25c4be485692be53
Score

10^/10

formbook ch73 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2