formbook

General

Target

85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba
Size

261KB
Sample

230306-dsj4zsaa2s
MD5

6f67808d109e693faccbead538c9fdd9
SHA1

a96325f7bb589f8b63af347c982e1a9177cc8686
SHA256

85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba
SHA512

88e52f650ae7c8936e8b2ebe2b4d883f7f577da491d85b2ba1ecc2c7f535961b4db8e5b6bd2567bf61fae38bb9bf40c9a66b7433c8b105868efa6e95b5aaa710
SSDEEP

6144:PYa6gVlkprrwLO5cekvA/NpGuEFJLyDFMfrQKD/IEdE3ZKAxXR:PYWVyprr1cTuELugQKD/IEG3ZKa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com

Targets

- Target
  
  85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba
- Size
  
  261KB
- MD5
  
  6f67808d109e693faccbead538c9fdd9
- SHA1
  
  a96325f7bb589f8b63af347c982e1a9177cc8686
- SHA256
  
  85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba
- SHA512
  
  88e52f650ae7c8936e8b2ebe2b4d883f7f577da491d85b2ba1ecc2c7f535961b4db8e5b6bd2567bf61fae38bb9bf40c9a66b7433c8b105868efa6e95b5aaa710
- SSDEEP
  
  6144:PYa6gVlkprrwLO5cekvA/NpGuEFJLyDFMfrQKD/IEdE3ZKAxXR:PYWVyprr1cTuELugQKD/IEG3ZKa
Score

10^/10

formbook ho62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2