formbook

General

Target

General Specification -INVACO PVT.exe
Size

1.4MB
Sample

240320-nqh41sgc5z
MD5

518ae6533961ef76d292799a319e65a4
SHA1

90280c10aab7dab154ffabc8bec07239399eb9c5
SHA256

566264588abd2dc73b673b68d2ebb13a305a42b8ca5c65d2ecb5f28dc5ff6d71
SHA512

b289507e44951b35feda81a798d2fcbee61d419ed285624f24206911fd19355d48cf57b4788c325dc45419ab91b9d778e13f945b0149a1556139ed1f6d43f622
SSDEEP

24576:BAHnh+eWsN3skA4RV1Hom2KXMmHad/w4SQ3vB9CX+5:Yh+ZkldoPK8Yad/wJIvPN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Targets

- Target
  
  General Specification -INVACO PVT.exe
- Size
  
  1.4MB
- MD5
  
  518ae6533961ef76d292799a319e65a4
- SHA1
  
  90280c10aab7dab154ffabc8bec07239399eb9c5
- SHA256
  
  566264588abd2dc73b673b68d2ebb13a305a42b8ca5c65d2ecb5f28dc5ff6d71
- SHA512
  
  b289507e44951b35feda81a798d2fcbee61d419ed285624f24206911fd19355d48cf57b4788c325dc45419ab91b9d778e13f945b0149a1556139ed1f6d43f622
- SSDEEP
  
  24576:BAHnh+eWsN3skA4RV1Hom2KXMmHad/w4SQ3vB9CX+5:Yh+ZkldoPK8Yad/wJIvPN
Score

10^/10

formbook kh11 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2