formbook

General

Target

34ce02128dda642524171ede5384031490296bdb01c575f060ff31f63f52d6c9
Size

385KB
Sample

240831-l136tsyakh
MD5

70c7d20921d195775ebd16a2a3dd160b
SHA1

12cdc502278db747f3bde36c2045616874810829
SHA256

34ce02128dda642524171ede5384031490296bdb01c575f060ff31f63f52d6c9
SHA512

ac84121ad495039fc5f941754488ea28ab649225ba3e53cdaa052327bbcadaa63159991534bcf7a2c21063fc9c2cee68bcc38905f39ca3f22860824c9045504e
SSDEEP

6144:l5M+yTnhcf275bGiuvVP54xhDYosrZxMKGoJJGHHAslU81BooNA3xtdfchY:lybaf2tb1qVP5OhDYosorofGfooW3xzH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  7c1c972f058bd07c1b40b438e02744508eebbc081ecedbf9a530fee20bce4475
- Size
  
  465KB
- MD5
  
  ea525b4bd2b17625c41dae5a5ace5443
- SHA1
  
  f09a072f32cb7228ce218de73a54cbf1b9665476
- SHA256
  
  7c1c972f058bd07c1b40b438e02744508eebbc081ecedbf9a530fee20bce4475
- SHA512
  
  5ff381b1fec3027fe53b19f2f42af446482e5a60b04e8e6f64938d229a718d1d04153c0cb51ebe428add7821dde42c552568733b80fd848b5dddaf2e87675158
- SSDEEP
  
  12288:4xqYGKTd2BX88USFRszOIHy6LrrIs8hkM1E:WqKTd25UKk5LrIw
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2