formbook

General

Target

18179c0bcdd6133a9d82b5278c85d88cfe4b08924e5bcb7b0483148e24e93eae
Size

391KB
Sample

240831-sv888a1clp
MD5

a6e224a5fa5396d621d9cc3db243f2c3
SHA1

bffd7482a189614c1f5b691f8495de816c59664c
SHA256

18179c0bcdd6133a9d82b5278c85d88cfe4b08924e5bcb7b0483148e24e93eae
SHA512

94454f93dbe03c0b1c2f927c77df11eb21bf12d566622c73c59ffa6694c09bc2e657c8fc2a31192c2a4bb9a0e7f3c297a3ce052d4cdb4421834bbf53015432db
SSDEEP

12288:pypT48NLNLu7JtJbKaXO1MoecK4O7ekjl:cpT48xqR+SPcKLykjl

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  798342d87cf72af042f7ba3d59d4c191e46cc7b11da7e618e595911d3b6a8f4b
- Size
  
  445KB
- MD5
  
  395812837b0aa6cf4b6a8d3422722949
- SHA1
  
  65aeeed97bbd92e2895c7991244579b5f6a466a4
- SHA256
  
  798342d87cf72af042f7ba3d59d4c191e46cc7b11da7e618e595911d3b6a8f4b
- SHA512
  
  0abf895278479548229544f9d94336088cb8353f2185419de2161bae84700817e190317f2e3ce6ed64e00922b6eb7d4bd27c42c3dc8fa4425900ce88d5786215
- SSDEEP
  
  6144:ckfxJlwLX+7szkXV6ufajCf8t00wn90UkKMf2f2LNvNSrhSHGYdSwQiVn7BSE0zF:H0y0mp0t0rnhuvIrUmiv7BSEKw
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2