formbook

General

Target

SecuriteInfo.com.Trojan.Siggen18.28487.29444.14710
Size

464KB
Sample

220728-pzmdgagdfl
MD5

e3ae60d5d8febf81faa40b4f1037973f
SHA1

acb898e85fbe7683beffc4a0ffdca722fba6362e
SHA256

ba8e5d725013aa2a898943146887600af1cbe89c9ec36e5b4922b36976794a85
SHA512

985e39c0960ee1fc39f9b05a448712ceb452e58909517f9abe37724b13821ad633825c6555edf98ccbc60512702e25ff93fd1df65fc0e8ffde6f97fcc571ba73

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen18.28487.29444.14710
- Size
  
  464KB
- MD5
  
  e3ae60d5d8febf81faa40b4f1037973f
- SHA1
  
  acb898e85fbe7683beffc4a0ffdca722fba6362e
- SHA256
  
  ba8e5d725013aa2a898943146887600af1cbe89c9ec36e5b4922b36976794a85
- SHA512
  
  985e39c0960ee1fc39f9b05a448712ceb452e58909517f9abe37724b13821ad633825c6555edf98ccbc60512702e25ff93fd1df65fc0e8ffde6f97fcc571ba73
Score

10^/10

formbook mh76 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2