formbook

General

Target

733f49adecf3d0fd0dd2677665b0c369
Size

370KB
Sample

210812-lt8rh77jse
MD5

733f49adecf3d0fd0dd2677665b0c369
SHA1

1b615d268159e18f518153cc742b772e7d0402dc
SHA256

b98429d0910af088452746a40124e498aa3c943ce450012c770c990788f7fc89
SHA512

834c5e6f0175db1fe779336835e34361b727b14af87b33d7968e4436b696a9eeb93831c4b356de17b21d654fdba5f899f06a04d894ad00b9fd14b55399e90418

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dd2v

C2

http://www.fortmyerscruisevacation.com/dd2v/

Decoy

jkrqzmeyd.icu

cbluedottvwdshop.com

yhchen.space

premierhealthnwellness.com

szkuyaju.com

harvestmoonloans.net

dadematerial.com

mariaclarahairstudio.com

hwunvy.online

puloutjbmere.com

kossu1989.com

dubbedos.com

ncylis.com

hybrid-sol.com

travelature.com

gracefulcounts.com

66secretgarden.com

eslonyourcell.com

wisersponsorship.com

sepn3.com

Targets

- Target
  
  733f49adecf3d0fd0dd2677665b0c369
- Size
  
  370KB
- MD5
  
  733f49adecf3d0fd0dd2677665b0c369
- SHA1
  
  1b615d268159e18f518153cc742b772e7d0402dc
- SHA256
  
  b98429d0910af088452746a40124e498aa3c943ce450012c770c990788f7fc89
- SHA512
  
  834c5e6f0175db1fe779336835e34361b727b14af87b33d7968e4436b696a9eeb93831c4b356de17b21d654fdba5f899f06a04d894ad00b9fd14b55399e90418
Score

10^/10

formbook dd2v rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2