formbook | de17faa9dd23c118ad9f22ce4b675a85646055e3d8fd39e53fe95d021b90ef6d

General

Target

2724-24-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
Sample

250125-dehc8stlgq
MD5

2ffb4a834a970536352dc1f94f32f532
SHA1

f116db108f153e90f77626d42a849beb8e471f67
SHA256

de17faa9dd23c118ad9f22ce4b675a85646055e3d8fd39e53fe95d021b90ef6d
SHA512

3f0e414e44ada281b028cbe327e5157b1442e0e646a02b35a22eabf75151b3e919ac7e3b3e31e14b243089f598ba79747f649f53c28a8aff521f6f749b924307
SSDEEP

3072:HdRVCFrep+9El4C5W/NhzMej1pN6pG8t5xC5C+EjhPgRpfJbBLSeu:jVVpWD/NNp6pG8t5xnNKNJbX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a03d

Decoy

nfluencer-marketing-13524.bond

cebepu.info

lphatechblog.xyz

haoyun.website

itiz.xyz

orld-visa-center.online

si.art

alata.xyz

mmarketing.xyz

elnqdjc.shop

ensentoto.cloud

voyagu.info

onvert.today

1fuli9902.shop

otelhafnia.info

rumpchiefofstaff.store

urvivalflashlights.shop

0090.pizza

ings-hu-13.today

oliticalpatriot.net

Targets

- Target
  
  2724-24-0x0000000000400000-0x000000000042F000-memory.dmp
- Size
  
  188KB
- MD5
  
  2ffb4a834a970536352dc1f94f32f532
- SHA1
  
  f116db108f153e90f77626d42a849beb8e471f67
- SHA256
  
  de17faa9dd23c118ad9f22ce4b675a85646055e3d8fd39e53fe95d021b90ef6d
- SHA512
  
  3f0e414e44ada281b028cbe327e5157b1442e0e646a02b35a22eabf75151b3e919ac7e3b3e31e14b243089f598ba79747f649f53c28a8aff521f6f749b924307
- SSDEEP
  
  3072:HdRVCFrep+9El4C5W/NhzMej1pN6pG8t5xC5C+EjhPgRpfJbBLSeu:jVVpWD/NNp6pG8t5xnNKNJbX
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2