formbook

General

Target

Orden specifications_pdf.exe
Size

253KB
Sample

210924-remjvahbej
MD5

c95fe63506ee881dc52a785afa1afd59
SHA1

f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d
SHA256

cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753
SHA512

9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Orden specifications_pdf.exe
- Size
  
  253KB
- MD5
  
  c95fe63506ee881dc52a785afa1afd59
- SHA1
  
  f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d
- SHA256
  
  cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753
- SHA512
  
  9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40
Score

10^/10

formbook dn7r rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2