formbook | 2b96edf2d980fe7995c6d9294923263909d42ca10974551ab1e3544a24a4ef9b

General

Target

2576-17-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
Sample

241102-slwlrsxhlm
MD5

11a8601d7dd200312e81d61ab697d674
SHA1

fc793694a40ef3b5640f07eab4bf7500d0b5f4cb
SHA256

2b96edf2d980fe7995c6d9294923263909d42ca10974551ab1e3544a24a4ef9b
SHA512

d4967c7c29e4d6331a4f258b19e7d7a483409ceda9c14a7c09908ad7b4be567c2e28b7e65fc5ebbda6a51435c2cd63f5eb71740cdd9004b33835b99e766b0d14
SSDEEP

3072:c4Fzkqfuif4znxYO3WaC+U42ZLRLxt9DC9DXysR5L8dEfw6p1q9rAHTy:LmyoWaFFEL/1C9+o/f5zy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h209

Decoy

sbtstuff.site

omlyes.com

movershifting.com

gearballer.com

oketoto.pro

myringleader.com

lrcjc750s.xyz

ata2024.xyz

password-manager-89409.bond

aiassistanthub.net

changvolt.cfd

netino.site

wear-wale.com

omnipresenceagency.com

huangguan.ooo

propersonnelmedia.com

9332952.com

k3s.support

ciytrw.xyz

cb095.pro

Targets

- Target
  
  2576-17-0x0000000000400000-0x000000000042F000-memory.dmp
- Size
  
  188KB
- MD5
  
  11a8601d7dd200312e81d61ab697d674
- SHA1
  
  fc793694a40ef3b5640f07eab4bf7500d0b5f4cb
- SHA256
  
  2b96edf2d980fe7995c6d9294923263909d42ca10974551ab1e3544a24a4ef9b
- SHA512
  
  d4967c7c29e4d6331a4f258b19e7d7a483409ceda9c14a7c09908ad7b4be567c2e28b7e65fc5ebbda6a51435c2cd63f5eb71740cdd9004b33835b99e766b0d14
- SSDEEP
  
  3072:c4Fzkqfuif4znxYO3WaC+U42ZLRLxt9DC9DXysR5L8dEfw6p1q9rAHTy:LmyoWaFFEL/1C9+o/f5zy
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2