formbook

General

Target

Orden 01000902.rar
Size

204KB
Sample

210924-jfgqzsgcdp
MD5

813a48411042f4e95fa8118cac78ae22
SHA1

8533d4031b2a8f828a74d5164383ab9a21d5cfb4
SHA256

dcb148690e2f017e5f28ab200dc2772c50be55de48ac9ec96469931b42bf6e1a
SHA512

1348a48c53a4a5073f01677373acf853a0f0072dca70bcfb11c02d7a7a865b0af20159420bfd1c3ca8980c2dd1ec3bedbed6877600c043f8ab935759de034f9c

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  docs image screenshot.scr
- Size
  
  263KB
- MD5
  
  7de03d8fae8732ac9dc5cdc70f8c98a3
- SHA1
  
  42524a6c409752fad843fa87a86e858e311af607
- SHA256
  
  7058bb27087ef6cfdd8e41e3e8aab66ed8a97d2be116cb0ed8acec7799446e59
- SHA512
  
  69b5294261c34c36035406de5a1463d12383c468a7f39ceb8405c11ec248ef5293ac65393d7c1a37917b6c3c8cd150363982ec4e958c10146596c00d5207c4ff
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateProcessExOtherParentProcess
- Formbook Payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

Formbook Payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2