formbook | d346f44b099d0aa4226f6a6340e660e003d5293ee68c4d4fe38b301754c271fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d346f44b099d0aa4226f6a6340e660e003d5293ee68c4d4fe38b301754c271fb
Size

344KB
Sample

230403-n37m5sga4s
MD5

42eff0c99f1958d55601dd9a74cd8d74
SHA1

b84298118dc2bc1018c6e28d305bbbc05e290242
SHA256

d346f44b099d0aa4226f6a6340e660e003d5293ee68c4d4fe38b301754c271fb
SHA512

9a97c58f3f24e6c5dc57ce456d704be8503728eace80f7adc630c167ba3004769ab5b14b87a52da4a3529fe66c4b5d65f881fe53fe97e5e5beda1f9f9e0f6617
SSDEEP

6144:roOkslvBbpfrk74RHJ/Yy9aup7dfSNWIjBG6dkEr9N:4ibZkURHJwy9aAx6BGoh

Score

10^/10

formbook my28 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

my28

Decoy

family-doctor-74284.com

dublinsroofer.com

huangshi.info

learningpaths.site

enoidemusoro.africa

devcapcapacitor.com

hairbeaut.com

forgetourco.com

dekorexpressz.com

keminguesthouse.com

harstadbudtjeneste.com

49astleystreet.com

ldkj1sw.vip

mindfulchild.uk

doyuip.xyz

caseuspageamzoncustomer.com

caressentialz.co.uk

doitchannel.com

3dr8.xyz

clinrbn.ru

Targets

- Target
  
  d346f44b099d0aa4226f6a6340e660e003d5293ee68c4d4fe38b301754c271fb
- Size
  
  344KB
- MD5
  
  42eff0c99f1958d55601dd9a74cd8d74
- SHA1
  
  b84298118dc2bc1018c6e28d305bbbc05e290242
- SHA256
  
  d346f44b099d0aa4226f6a6340e660e003d5293ee68c4d4fe38b301754c271fb
- SHA512
  
  9a97c58f3f24e6c5dc57ce456d704be8503728eace80f7adc630c167ba3004769ab5b14b87a52da4a3529fe66c4b5d65f881fe53fe97e5e5beda1f9f9e0f6617
- SSDEEP
  
  6144:roOkslvBbpfrk74RHJ/Yy9aup7dfSNWIjBG6dkEr9N:4ibZkURHJwy9aAx6BGoh
Score

10^/10

formbook my28 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookmy28ratspywarestealertrojan