formbook

General

Target

514797a6bc29a3576aab268de1a8fed7df7adba5f77c4b7f6c8d91c1567d9339
Size

1.7MB
Sample

231114-m7zyesbh4s
MD5

f68b936e01d0fe86629f55b5f4de3405
SHA1

dc8f0f005d0fd3a8c508f8e2e12a324440bb5164
SHA256

514797a6bc29a3576aab268de1a8fed7df7adba5f77c4b7f6c8d91c1567d9339
SHA512

9db64b2e675a741e165d6d65d3c2bdf7b2126a018b0ce1e1a92daf4fabbad5e40bd25bf913d59e0f7ea1ac03b081cab7f0de1f56ca9f7360df24b485dcc7263b
SSDEEP

24576:A/jWyB2cRZnMMWRk2Cm+OXpDLO/hLK6xXjV3MBsnd:A/jrBBRZnMJRk2H+OVLO/hLK6xXqg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hs94

Decoy

hrnlius.com

righthouse39.store

nh12dgsdh.top

d6es.com

qjgx8ol.xyz

claricraft.com

amor-de-luxo.com

triokitchenbar.com

britlleysantos.com

hairluxe.info

openclosetstore.com

edubraintoys.com

goldeneaglescoin.com

mayacottage.com

taekyoong.com

mahiguel.com

dramulyamullapudi.com

osaruru.com

momaustralia.com

xiaotu.gay

Targets

- Target
  
  514797a6bc29a3576aab268de1a8fed7df7adba5f77c4b7f6c8d91c1567d9339
- Size
  
  1.7MB
- MD5
  
  f68b936e01d0fe86629f55b5f4de3405
- SHA1
  
  dc8f0f005d0fd3a8c508f8e2e12a324440bb5164
- SHA256
  
  514797a6bc29a3576aab268de1a8fed7df7adba5f77c4b7f6c8d91c1567d9339
- SHA512
  
  9db64b2e675a741e165d6d65d3c2bdf7b2126a018b0ce1e1a92daf4fabbad5e40bd25bf913d59e0f7ea1ac03b081cab7f0de1f56ca9f7360df24b485dcc7263b
- SSDEEP
  
  24576:A/jWyB2cRZnMMWRk2Cm+OXpDLO/hLK6xXjV3MBsnd:A/jrBBRZnMJRk2H+OVLO/hLK6xXqg
Score

10^/10

formbook hs94 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2