formbook

General

Target

tmp
Size

572KB
Sample

240122-xlarhscchl
MD5

e882b8df405f9651962b3e983ed78274
SHA1

698190d6b80c99e4e73323e8cfce0c9265b68d14
SHA256

ca2f01c6f516bbdf05aed26b9da20d6710a6c2f32e846a2ded654bd5f09cb01c
SHA512

0ca40788e3cd1e2c5b07ce7b0e5d50f2d3ac0f7b8c068b04128a4febe21ed83319cb28d1f16feb226facbfac99f7e82c1fecb0d9f1b66a47800264d7f29abd18
SSDEEP

12288:sE7+Q549dCqWkCW9zV9fO7X3TPetnzUMaSr:Br4rLWkNV9fObDPetzUU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he09

Decoy

clhear.com

maythunguyen.com

xiongmaoaijia.com

kembangzadsloh.xyz

speedwagner.com

360bedroom.com

campereurorg.top

cwxg2.site

mcdlibre.live

globigprimecompanylimited.com

1707102023-stripe.com

xhfj5.site

mugiwaranousopp.xyz

texmasco.com

sc9999.net

lite.team

8xb898.com

cibecuetowing.top

mgplatinemlak.xyz

southwestharborkeyword.top

Targets

- Target
  
  tmp
- Size
  
  572KB
- MD5
  
  e882b8df405f9651962b3e983ed78274
- SHA1
  
  698190d6b80c99e4e73323e8cfce0c9265b68d14
- SHA256
  
  ca2f01c6f516bbdf05aed26b9da20d6710a6c2f32e846a2ded654bd5f09cb01c
- SHA512
  
  0ca40788e3cd1e2c5b07ce7b0e5d50f2d3ac0f7b8c068b04128a4febe21ed83319cb28d1f16feb226facbfac99f7e82c1fecb0d9f1b66a47800264d7f29abd18
- SSDEEP
  
  12288:sE7+Q549dCqWkCW9zV9fO7X3TPetnzUMaSr:Br4rLWkNV9fObDPetzUU
Score

10^/10

formbook he09 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2