formbook

General

Target

4E43EF75D5C98C17C569BF9EEE0C6128.exe
Size

272KB
Sample

230824-ntek1adg5w
MD5

4e43ef75d5c98c17c569bf9eee0c6128
SHA1

460adbbe24ceb5e17ef28f32811975865fe0f9ac
SHA256

314bb1d4fa16c81993064e89179f3027d2c7235c7f829111884c2beac761b353
SHA512

2f7e6ac7ba97123871fa9afd604b2a40fda6abf76b03e6c67dc97e698db8956f141808286f348e870810cad505d9a40226e97e35fce113e185750118d6911c23
SSDEEP

6144:PYa6sgzZPbTD9iKR539ZHLWcoi/tzKXvXz+DOYcus8djh11zXvif:PYKMZ/N/RacoMtzij+DOYb5hPqf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh21

Decoy

qiandaye.top

zltgw.com

getxgp.link

forest-create.site

parsefilm.com

foodstore.top

reynoldsquality.com

tripleshops.com

altuwaijrifood.com

seniorassistedlivinglocator.com

essencedelanature.com

hrwv098.xyz

olkja.xyz

10685johansen.com

ajidenhp.com

sensifiedregistration.com

timetodatings.life

bizbet-review-pt.com

zhangming.asia

xn--vhq074eeozsda.top

Targets

- Target
  
  4E43EF75D5C98C17C569BF9EEE0C6128.exe
- Size
  
  272KB
- MD5
  
  4e43ef75d5c98c17c569bf9eee0c6128
- SHA1
  
  460adbbe24ceb5e17ef28f32811975865fe0f9ac
- SHA256
  
  314bb1d4fa16c81993064e89179f3027d2c7235c7f829111884c2beac761b353
- SHA512
  
  2f7e6ac7ba97123871fa9afd604b2a40fda6abf76b03e6c67dc97e698db8956f141808286f348e870810cad505d9a40226e97e35fce113e185750118d6911c23
- SSDEEP
  
  6144:PYa6sgzZPbTD9iKR539ZHLWcoi/tzKXvXz+DOYcus8djh11zXvif:PYKMZ/N/RacoMtzij+DOYb5hPqf
Score

10^/10

formbook mh21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2