formbook

General

Target

50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d.zip
Size

273KB
Sample

230308-qgjqased66
MD5

13a251c8c8916f1ca35394b3f510e381
SHA1

c160f3d66e9adc092b2a01060bf65bd5d1d436db
SHA256

4a5309177d4f6abcd769add4273ecae79c990e124877765c1c4ab27b7236c8c2
SHA512

10942330988a1bb98c9a8a689ca76ea8516e2c97f2046498f5dd186fe209f6ae1e15bc357c99f37b7074f9ae53162c33abb27c7a02df7ba37fffd1b7e66abaa5
SSDEEP

6144:TnZKzCayQ4nSb6tZ8ZRWoMGtX+SLm7JchPC8RUAw9Alz8buZo7u:wzCe3b+8Z/f+SWJc1CUUAwSYC4u

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com

Targets

- Target
  
  50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d.exe
- Size
  
  349KB
- MD5
  
  ba645c8235d19c8407c81d62470eedf8
- SHA1
  
  9b78b515d6869753e2bb3e46d1307deccef79e57
- SHA256
  
  50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d
- SHA512
  
  7efa198fd976f2660fc033f708739c003210ae88e50938abec6ce919e85246ca4a6d4f3db0e105b16094b08a68ad1234b5986cfed43c90b239369a46e95a65de
- SSDEEP
  
  6144:jYa6a3R6bVzifniXpVKRNQfgwq+DMhfii10dqeH+QE:jY03RYV+Op8Ugwq+HiSg0PE
Score

10^/10

formbook ho62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2