formbook

General

Target

HScx.exe
Size

681KB
Sample

240905-c8q2ss1grl
MD5

7aa9a6424157856428679fa6665b3276
SHA1

88f3a5b5cfc326bcb1fc9544af50e869c101c3c8
SHA256

c47ecbb9f13f48daa79ff7bc582625f238b8760f6a4fc542c0dcb6d2ffbec11f
SHA512

3446f3a8a2d1e06d0cac3f58f576d9329c906ac6befe561f1b46711b5e98e0b793ebbbd269b995b21026a72666496d45eec779c54109649418997c25a49adaee
SSDEEP

12288:vGZKzvnOBKYvI82Ok316ZjS5dN6cGc9oNkMS5cpSj3E4JfvafDpnqFU3:LOOXwpGT9uvA3Lhvar4FU3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f19g

Decoy

ppson.top

lacialshoals.sbs

871122.vip

ghase.fun

si.app

attsnew.net

iyafashion.shop

hfuj3u8a6me3.shop

3vw67fqfwnj.shop

lumbiz.xyz

fsh6j.shop

razydev.top

aronmart.shop

oreclosed-homes-82435.bond

ometria24.online

assinonet.online

j17b.xyz

-web-p501.buzz

olar-panels-1469027.zone

oecommerce.lol

Targets

- Target
  
  HScx.exe
- Size
  
  681KB
- MD5
  
  7aa9a6424157856428679fa6665b3276
- SHA1
  
  88f3a5b5cfc326bcb1fc9544af50e869c101c3c8
- SHA256
  
  c47ecbb9f13f48daa79ff7bc582625f238b8760f6a4fc542c0dcb6d2ffbec11f
- SHA512
  
  3446f3a8a2d1e06d0cac3f58f576d9329c906ac6befe561f1b46711b5e98e0b793ebbbd269b995b21026a72666496d45eec779c54109649418997c25a49adaee
- SSDEEP
  
  12288:vGZKzvnOBKYvI82Ok316ZjS5dN6cGc9oNkMS5cpSj3E4JfvafDpnqFU3:LOOXwpGT9uvA3Lhvar4FU3
Score

10^/10

formbook f19g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2