formbook

General

Target

tmp
Size

259KB
Sample

230303-pzp5csha3w
MD5

4e8bee4ffcd91df4d0af5ad5809a5836
SHA1

f667fdda0388044884a7b98a9e25c79344e986ec
SHA256

fe69a7884252cb7f2728065d43e5143e1c6168b5800813154f70727a97f78fc2
SHA512

7d78d0fe3c3d761db9e79de77d2100d829f46b1c343e0fe0d59c2f6e30a41ed5ab3bbe6d154b01b71c1883a824f458865d0614fe40c3178963ef5ecfe079185b
SSDEEP

6144:/Ya6Wp9dAl3KJDohZfDxO9rItqosk+MMnrSQBQvfD+DnYTT14UPj7Q:/YopwlqM7D09stErqQKvfAnYTT1PY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com

Targets

- Target
  
  tmp
- Size
  
  259KB
- MD5
  
  4e8bee4ffcd91df4d0af5ad5809a5836
- SHA1
  
  f667fdda0388044884a7b98a9e25c79344e986ec
- SHA256
  
  fe69a7884252cb7f2728065d43e5143e1c6168b5800813154f70727a97f78fc2
- SHA512
  
  7d78d0fe3c3d761db9e79de77d2100d829f46b1c343e0fe0d59c2f6e30a41ed5ab3bbe6d154b01b71c1883a824f458865d0614fe40c3178963ef5ecfe079185b
- SSDEEP
  
  6144:/Ya6Wp9dAl3KJDohZfDxO9rItqosk+MMnrSQBQvfD+DnYTT14UPj7Q:/YopwlqM7D09stErqQKvfAnYTT1PY
Score

10^/10

formbook ho62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2