formbook

General

Target

6007342493761536.zip
Size

536KB
Sample

210921-zqc4jsafg3
MD5

0efb0405579332715f93e766faa4382d
SHA1

07a1d2a8a185bf269f7065dfe3f59fa0433a86e4
SHA256

f1b8fc3f682366d92c9e28463c7ff61680deda3af51956b72aa37b3fc32ca831
SHA512

1def5863742ec5326b61042ad7eb6e02d1cf068e4f7683870ae2711d8345e63ecdd9cb7e278a3fd8f3621f8ecc656df7c304513ad085390be5782ea0d7f61b09

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  b09dd6b473d43843832e73642098fca7b9651aa0160046d332fc7d04878c6d6b
- Size
  
  601KB
- MD5
  
  81326fb3d6db7adb4938d0ea495a7d8e
- SHA1
  
  496e10908df973637f53be3556843a9264b55337
- SHA256
  
  b09dd6b473d43843832e73642098fca7b9651aa0160046d332fc7d04878c6d6b
- SHA512
  
  df895d329084c8e6761c59c6f1cb7b9e78072f74adf610c2f6484025ab2c9c609a627cf0c4230cc46a0ceeb6285ef80a474381a851172f5de7ef0da09474e255
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2