formbook

General

Target

New order list_pdf.gz
Size

246KB
Sample

230414-wkllysah93
MD5

e04f21d37dd0bfe7daa5241126bfb5ad
SHA1

c3be5bc927d1c28411ccc9c7b67c02fdb97d927b
SHA256

f227463b0807df173ca31a6d558e75a10d6b9ca8887f6eb48718733788f560ad
SHA512

06418caccdf72049bf124daf02ccb22a36945c1293e31831276f9a49aa344560bd72c3a05ad2e853fa3d156e0baef29c9a26a5ef5ae1959cb211165b4664ed01
SSDEEP

6144:zTZwTEXZaQ5ky9q6g4Sng62SLljDalgmtLGtBdMW4TCm7l2fhU:zTXx526LSg62SLclRt68Nlw+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hs95

Decoy

capitalpartnersintl.com

learnotctrading.africa

kokotripbali.click

laserelitecreations.com

55522.voto

hezop.xyz

6n992.com

aelh3s.shop

victmcomssioner.org.uk

7xwithlove.com

gregdf.click

thewarehouseconsultants.africa

ilbufalaro.online

bulkcheapstamps.com

etismc.top

beautyby-eve.com

dabopixel.com

freddybrowne-17.com

heat-pumps-11472.com

cleaningbyeve.com

Targets

- Target
  
  New order list_pdf.exe
- Size
  
  260KB
- MD5
  
  9db995a644af18837b503d2d9a33bdec
- SHA1
  
  c06cd0c6e3cdfbbe49f85765335ce9eff4500edd
- SHA256
  
  dd4311e439da8393afbb51dc192317d6cd5a53b9d574971adb768c38a2bf3d71
- SHA512
  
  5c857e420be06475c1ef7ae2294f90b6eac5da0c78bcc15aa0a2284a5ab184711b6a72bfdf06fbfcb5afcebbc105466493373a208a76be8000d76777ad318fa0
- SSDEEP
  
  6144:/Ya6LZk8ky9q604SngQ2SLljDavgmtLGdBdMW4Tem7lZfhS:/YJZ726fSgQ2SLcvRtw85lFg
Score

10^/10

formbook hs95 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2