formbook

General

Target

9caba44fdb0c76663b2a094b27a39de5b2c84be6a6a08a49c683b6d0e6f23750
Size

534KB
Sample

240417-r46zsacf85
MD5

588d1b7129281d248068801bddb2935c
SHA1

258266fd0cb689904404ec50272a67455a3a26f7
SHA256

9caba44fdb0c76663b2a094b27a39de5b2c84be6a6a08a49c683b6d0e6f23750
SHA512

7540708e6ead32023a8e6776c1a48e979cc734dbd11e4d49703eae424e5a1908c609ee9eba58f432ec22eb9e0596de1374219b7d8102a0bd6cf22c50867355f4
SSDEEP

12288:DxFGDDQ2u7gOJLfWh5aLeSgFKiyZJOJWRuL:DL2uHWb5tFDSuL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he09

Decoy

clhear.com

maythunguyen.com

xiongmaoaijia.com

kembangzadsloh.xyz

speedwagner.com

360bedroom.com

campereurorg.top

cwxg2.site

mcdlibre.live

globigprimecompanylimited.com

1707102023-stripe.com

xhfj5.site

mugiwaranousopp.xyz

texmasco.com

sc9999.net

lite.team

8xb898.com

cibecuetowing.top

mgplatinemlak.xyz

southwestharborkeyword.top

Targets

- Target
  
  0509f94b1130c86832027f9990c3f3da9a84bc00f1462e99e8ef16a806944bb4.exe
- Size
  
  699KB
- MD5
  
  591dac333aff7739bf01a4c9d3e838a5
- SHA1
  
  5211f3ab4d80644439220d11fb204eb2bee9fdb8
- SHA256
  
  0509f94b1130c86832027f9990c3f3da9a84bc00f1462e99e8ef16a806944bb4
- SHA512
  
  b511a6b960b2c092577ab8fbf20767e9ad5dc86682e76e630602cfd88b4e8bf9b8fa8fac7e60fd4aa40ca8bcb49f69b9e8e9cc5a44f4c4b03d6e3d38ff402bfd
- SSDEEP
  
  12288:igPORaYk0qKfhkakf3SOQdFqfwszM3FlnrE/a+:dfYjqKfhK3zkFqfwr
Score

10^/10

formbook he09 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2