formbook

General

Target

79bcad797129c0be508de0fe7b0462b1aaffbafa74a4e7019a4561deb674f4bd.exe
Size

679KB
Sample

241002-bre3jazepm
MD5

754fa726ba767c17ebbce69e967d40ca
SHA1

b011ef478a435e685c3180d10c1c25bbc58ce105
SHA256

79bcad797129c0be508de0fe7b0462b1aaffbafa74a4e7019a4561deb674f4bd
SHA512

ad6b237579b0d4f9993e0894a6923882243df1d3b7722fb9496962dfd6c5b7a7828e7ff4d6b4c8adba621e58ffdd6dc33bb3dc9650ec461fa457a50785217177
SSDEEP

12288:dE3YCt5VADTdLpS8UMYw3Etz44KBvC3eimLMXm:dwYCmLpS9k3E944Ko3eiUF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hy08

Decoy

weazc.top

servoceimmpajhnuz.info

vqemkdhi.xyz

wergol.com

spa-mk.com

rtpsid88.life

tatetits.fun

raidsa.xyz

suojiansuode.net

jointhejunction.com

wudai.net

typeboot.shop

mksport-app.com

miocloud.ovh

taipan77pandan.com

wwwhg58a.com

khuahamiksai31.pro

carpedatumllc.net

safebinders.com

krx21.com

Targets

- Target
  
  79bcad797129c0be508de0fe7b0462b1aaffbafa74a4e7019a4561deb674f4bd.exe
- Size
  
  679KB
- MD5
  
  754fa726ba767c17ebbce69e967d40ca
- SHA1
  
  b011ef478a435e685c3180d10c1c25bbc58ce105
- SHA256
  
  79bcad797129c0be508de0fe7b0462b1aaffbafa74a4e7019a4561deb674f4bd
- SHA512
  
  ad6b237579b0d4f9993e0894a6923882243df1d3b7722fb9496962dfd6c5b7a7828e7ff4d6b4c8adba621e58ffdd6dc33bb3dc9650ec461fa457a50785217177
- SSDEEP
  
  12288:dE3YCt5VADTdLpS8UMYw3Etz44KBvC3eimLMXm:dwYCmLpS9k3E944Ko3eiUF
Score

10^/10

formbook hy08 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2