formbook | dfea583f79abd30e4a52da25818a436ce0fe70c5f0797e75eb8efb4df3b395ec

General

Target

2380-7-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
Sample

250327-pv6asatqt7
MD5

3a00c15ed411cd475bfab4fb1edf2a4a
SHA1

5a161b86a2844b429a4a68a74f5f03045d84908a
SHA256

dfea583f79abd30e4a52da25818a436ce0fe70c5f0797e75eb8efb4df3b395ec
SHA512

6d40e93c5719759074e11785bab34db3319bcae4533eb70a04fd51ef4d9d8a4fc4422c6d735975c643ce134b008487a318d6224a719656fff600a9a78849e8c5
SSDEEP

3072:Q9E6Fei3oJl0zRAhjfN5f/Jj3rvZrF05KC+j2+Sl4:kNahjlVJj3rvZrF0g2+m4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ts49

Decoy

aytolljqp.vip

ibnllc.net

impiezasvalladolid.net

reteon.xyz

edeliva.net

qynja.top

eometricdesigns.shop

64784p6.top

odhipoteke.online

ilezjan.net

om-dt02.cyou

xoticgirldrip.net

2livegames.live

ona88.skin

enerator-bcq.xyz

hared-office-4198379.zone

uyer.net

pilirplink.fun

t38asc.net

ntalyaescortking.site

Targets

- Target
  
  2380-7-0x0000000000400000-0x000000000042F000-memory.dmp
- Size
  
  188KB
- MD5
  
  3a00c15ed411cd475bfab4fb1edf2a4a
- SHA1
  
  5a161b86a2844b429a4a68a74f5f03045d84908a
- SHA256
  
  dfea583f79abd30e4a52da25818a436ce0fe70c5f0797e75eb8efb4df3b395ec
- SHA512
  
  6d40e93c5719759074e11785bab34db3319bcae4533eb70a04fd51ef4d9d8a4fc4422c6d735975c643ce134b008487a318d6224a719656fff600a9a78849e8c5
- SSDEEP
  
  3072:Q9E6Fei3oJl0zRAhjfN5f/Jj3rvZrF05KC+j2+Sl4:kNahjlVJj3rvZrF0g2+m4
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2