formbook

General

Target

1a7e6a15cb68a7921d4dd6f694f653ff2635ddb7dcc64dc4a3279f0bf7294cf7.exe
Size

228KB
Sample

221205-1kaxnsdb4v
MD5

0cb9ae3bbda860d66aecf80bb0ecdded
SHA1

5da779c51ba99bdd6d116aa07ca85d16ee1a857a
SHA256

1a7e6a15cb68a7921d4dd6f694f653ff2635ddb7dcc64dc4a3279f0bf7294cf7
SHA512

b2a77ce3b04a79547d134b626e906121e3d652880ebb36e40351f5d36b5296e3fbf9c2bc1b626c9b9d5e54a0daa429c9cb224f207abb0072b454657be244da3a
SSDEEP

6144:QBn1v53NqFxQea5h5IB5fsirujm4F6L9cFyu:gvtN0QDNILfsiQm46cV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lh24

Decoy

50spage.com

acesalamo.xyz

magicair.org.uk

jrroyalps.com

hohot.xyz

affichecrea.com

2048xtw.net

atlas-pars.com

cqxjbz.com

180bingxue.com

coupdechacal.com

k00050.com

twin-vitro.net

haverninstitute.com

espada-japonesa.com

launchcu.info

discountauto.club

8o7eventhebrand.com

fishersmarinaandcampground.com

crystalfloodplain.com

Targets

- Target
  
  1a7e6a15cb68a7921d4dd6f694f653ff2635ddb7dcc64dc4a3279f0bf7294cf7.exe
- Size
  
  228KB
- MD5
  
  0cb9ae3bbda860d66aecf80bb0ecdded
- SHA1
  
  5da779c51ba99bdd6d116aa07ca85d16ee1a857a
- SHA256
  
  1a7e6a15cb68a7921d4dd6f694f653ff2635ddb7dcc64dc4a3279f0bf7294cf7
- SHA512
  
  b2a77ce3b04a79547d134b626e906121e3d652880ebb36e40351f5d36b5296e3fbf9c2bc1b626c9b9d5e54a0daa429c9cb224f207abb0072b454657be244da3a
- SSDEEP
  
  6144:QBn1v53NqFxQea5h5IB5fsirujm4F6L9cFyu:gvtN0QDNILfsiQm46cV
Score

10^/10

formbook lh24 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2