formbook

General

Target

cfe71b8bd0a8d2dfc025eb646af5c1ffadb0e466ee4ddbec62b6ef5fa54ffad9
Size

429KB
Sample

231011-ryt32ade4t
MD5

ce2a9e827802517985137b874a48c5de
SHA1

bafcd1db5521cd526a25890739ec47dd8c3135b9
SHA256

cfe71b8bd0a8d2dfc025eb646af5c1ffadb0e466ee4ddbec62b6ef5fa54ffad9
SHA512

4d9bc8b09e30a06d1939830e9e6a5e272558dcc02aec9675c2c5c6ceb5fe91f22f00fb532aab52cffe1664c5d1b126399f5d5b5bdc04cc8b836d2d37dee99be9
SSDEEP

6144:jplxSd8jhI1m5JLLiypgZfNUULnquulyj16vt1WUixKIMaPHJX3rBhvBaJkOujwh:j+mHq/SULnolyUWUixKzMbBh5rAiwj/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh21

Decoy

qiandaye.top

zltgw.com

getxgp.link

forest-create.site

parsefilm.com

foodstore.top

reynoldsquality.com

tripleshops.com

altuwaijrifood.com

seniorassistedlivinglocator.com

essencedelanature.com

hrwv098.xyz

olkja.xyz

10685johansen.com

ajidenhp.com

sensifiedregistration.com

timetodatings.life

bizbet-review-pt.com

zhangming.asia

xn--vhq074eeozsda.top

Targets

- Target
  
  Dekont.pdf.exe
- Size
  
  523KB
- MD5
  
  00c530ddcfaeed76880d3813eb299fd0
- SHA1
  
  1804eca4b9abfae9be3bf90575142044b6768a1f
- SHA256
  
  d8d4a283c2cf6b0b3339d73021955f68d748cad0fd0646f84dbba778e682253e
- SHA512
  
  3712037c8188d696570a621960e6ac077dc2fbc9bb92398df96d137635c6bc25ba54895c3a80f993ec6d3c7c7a707b9167f23b39a853591067332ff59f325d60
- SSDEEP
  
  12288:94/Mb60lGYuvC6Zea5M38EHOFdnEqX3o3AgX4N6:Q0lLuK61u8ScnD0AN6
Score

10^/10

formbook mh21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2