formbook

General

Target

a5361dea0d691cafd2551e5c65a182ce.bin
Size

273KB
Sample

230924-cjyqcade74
MD5

d37032f9cb0e473472b4480622bbb36e
SHA1

16466abcf460e9b0414d19f1750979f777829183
SHA256

74d2278d5d2ac9218fb1c3cd0d03970c590c7250dcd345ea367d762eb442cea7
SHA512

388e1887d5688ceadb7414c6ca37aa70aba7c6420ff40049085aec1aab9064307229c25dfb365eb1945bfdedb3c86263772576aa114c6b637e083094309a62ec
SSDEEP

6144:tU7wZ7Stkx+HV7py8C7oqCd5TM7qv4TFhHZlLT13M/vCgF0/Ac17L9v:u7wJmxpyZoNnTM784RhHz/13qvDFN+x

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh21

Decoy

qiandaye.top

zltgw.com

getxgp.link

forest-create.site

parsefilm.com

foodstore.top

reynoldsquality.com

tripleshops.com

altuwaijrifood.com

seniorassistedlivinglocator.com

essencedelanature.com

hrwv098.xyz

olkja.xyz

10685johansen.com

ajidenhp.com

sensifiedregistration.com

timetodatings.life

bizbet-review-pt.com

zhangming.asia

xn--vhq074eeozsda.top

Targets

- Target
  
  433bb5c159884f76056330e36138fae40b5cfea14d1b239c3665f94775426267.exe
- Size
  
  286KB
- MD5
  
  a5361dea0d691cafd2551e5c65a182ce
- SHA1
  
  29d303ce679f7a80684aaa986af86e2e0ef0029e
- SHA256
  
  433bb5c159884f76056330e36138fae40b5cfea14d1b239c3665f94775426267
- SHA512
  
  1b7b530cd9b039d70b3f61535009232ce3e242874e1752d570e9389f3ec6ab579abe43084f59370689ac18084da44c6eadef1a305f3e37784c881e21baa42992
- SSDEEP
  
  6144:vYa6OOjkaA2ORCGzTbcadnalQk23IbP0HV7gOqFBqoBieyyjcj46H:vYIGFA2nGFnaz23IbcHV71kXU5R4S
Score

10^/10

formbook mh21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2