formbook

General

Target

c48b9c850349fc52638fbbc3d8b53b82.bin
Size

530KB
Sample

231105-dhv4haaa6t
MD5

c58a9c11d89588f6cdfdeda8afe8407c
SHA1

718e93fc94bdaa24de726dfdacd23193d333bd46
SHA256

d14dedcea9f0e41cc397217af395a5dea92ae0834b381f73a04a6c5d6b094b46
SHA512

fb6c874e0795251d0b3392349734513d9099b0727f23a89550c430d36df29c20eae2d555e59c96fde246be21ef58b39a7f39e2cfc49c562164215413ff6333c4
SSDEEP

12288:8As616SKYjK8U66NnbsHiezYy3qjxAjyI3HBL:l6DYOnNn4HiOY2ixsyIXBL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hs94

Decoy

hrnlius.com

righthouse39.store

nh12dgsdh.top

d6es.com

qjgx8ol.xyz

claricraft.com

amor-de-luxo.com

triokitchenbar.com

britlleysantos.com

hairluxe.info

openclosetstore.com

edubraintoys.com

goldeneaglescoin.com

mayacottage.com

taekyoong.com

mahiguel.com

dramulyamullapudi.com

osaruru.com

momaustralia.com

xiaotu.gay

Targets

- Target
  
  876fbd2b5fb59bfdb8b09e09a99d3ff92428eddbbfd096af61364af56de20f0c.exe
- Size
  
  1.7MB
- MD5
  
  c48b9c850349fc52638fbbc3d8b53b82
- SHA1
  
  6ba84b40b2e045d5f24526e19232f90eaffb6a6a
- SHA256
  
  876fbd2b5fb59bfdb8b09e09a99d3ff92428eddbbfd096af61364af56de20f0c
- SHA512
  
  190c02b92340059ee4bab58bf8c74a90df0d93488da174ecc28511c77a41f4481acb2830cce516797f496bcf3da84191fc119ad1dddaaf71e872c6d7cf761657
- SSDEEP
  
  24576:czL9Mn2HfaP6waDllLopDAOmHg9e5024n0wjn6PPtY:l2/aPkhlLopBmd024n0Yn6PPtY
Score

10^/10

formbook hs94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2