formbook | 70f32a20f79a7bff35560af814867b770998faf1be40fd3dc04ddab93c45f6e0 | Triage

Sharing

General

Target

70f32a20f79a7bff35560af814867b770998faf1be40fd3dc04ddab93c45f6e0
Size

398KB
Sample

221206-q9vy2age8w
MD5

c25c9877c55e1c43283910d400d91e2c
SHA1

e75a014931488473a0f220a81e83742f3afc66b7
SHA256

70f32a20f79a7bff35560af814867b770998faf1be40fd3dc04ddab93c45f6e0
SHA512

77f8ff58fede53e7109796b9bbc200cd78337d6d654b9801e12e1dcf4acf04d8e7127996d1e4d60265334dac348566518cf32a500c57cbe5c5c61ac6f91a1b04
SSDEEP

3072:bEhKzShSycJWiUTh0Mu3F1dMppyaoJWUytFznR/OlAuxY7PWWYa/K4bKKUDFtv09:bBnyFu10YWbFznRWGDFKnKUDFtv0koH

Score

10^/10

formbook wh23 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

ow9vyvfee.com

alvis.one

mutantgobz.claims

plynofon.com

southofkingst.store

nuvidamedspa.com

coffeeforyou56.com

opaletechevents.com

momobar.life

abcmousu.com

learnicd-11.com

tipokin.xyz

kahvezevki.com

suratdimond.com

oldartists.best

infoepic.info

mattresslabo.com

skarlmotors.com

cl9319x.xyz

med49app.net

Targets

- Target
  
  70f32a20f79a7bff35560af814867b770998faf1be40fd3dc04ddab93c45f6e0
- Size
  
  398KB
- MD5
  
  c25c9877c55e1c43283910d400d91e2c
- SHA1
  
  e75a014931488473a0f220a81e83742f3afc66b7
- SHA256
  
  70f32a20f79a7bff35560af814867b770998faf1be40fd3dc04ddab93c45f6e0
- SHA512
  
  77f8ff58fede53e7109796b9bbc200cd78337d6d654b9801e12e1dcf4acf04d8e7127996d1e4d60265334dac348566518cf32a500c57cbe5c5c61ac6f91a1b04
- SSDEEP
  
  3072:bEhKzShSycJWiUTh0Mu3F1dMppyaoJWUytFznR/OlAuxY7PWWYa/K4bKKUDFtv09:bBnyFu10YWbFznRWGDFKnKUDFtv0koH
Score

10^/10

formbook wh23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookwh23ratspywarestealertrojan