formbook

General

Target

b6873c361a8425e246ec48b418f8c1cc.exe
Size

369KB
Sample

210813-fy3r2ykrdn
MD5

b6873c361a8425e246ec48b418f8c1cc
SHA1

d4f5564a35ad83e397e83fe48766d897f2f9d66f
SHA256

cd47b9cf6fd8f8d3ef5f8dd967c8a2ddabfc65db1c1b53a70d99ba2deb42678e
SHA512

b3874be03f508e278beee72658fbce951d9232a725dbe3f6f2a8fd9ba244b219489497468a91eb2ed4bda313a72296ef41b7d5be11b0e67e2fb2e8a186d6fa41

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dd2v

C2

http://www.fortmyerscruisevacation.com/dd2v/

Decoy

jkrqzmeyd.icu

cbluedottvwdshop.com

yhchen.space

premierhealthnwellness.com

szkuyaju.com

harvestmoonloans.net

dadematerial.com

mariaclarahairstudio.com

hwunvy.online

puloutjbmere.com

kossu1989.com

dubbedos.com

ncylis.com

hybrid-sol.com

travelature.com

gracefulcounts.com

66secretgarden.com

eslonyourcell.com

wisersponsorship.com

sepn3.com

Targets

- Target
  
  b6873c361a8425e246ec48b418f8c1cc.exe
- Size
  
  369KB
- MD5
  
  b6873c361a8425e246ec48b418f8c1cc
- SHA1
  
  d4f5564a35ad83e397e83fe48766d897f2f9d66f
- SHA256
  
  cd47b9cf6fd8f8d3ef5f8dd967c8a2ddabfc65db1c1b53a70d99ba2deb42678e
- SHA512
  
  b3874be03f508e278beee72658fbce951d9232a725dbe3f6f2a8fd9ba244b219489497468a91eb2ed4bda313a72296ef41b7d5be11b0e67e2fb2e8a186d6fa41
Score

10^/10

formbook dd2v rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2