formbook

General

Target

Borrador de pedido.rar
Size

281KB
Sample

210930-dvv92agcc5
MD5

05179d5a1afc3e1883e9c8c4f62267a7
SHA1

b55bb88a4c3adfb3e061c1adfbaa3b2e6e4139d3
SHA256

1cf584b3c3eededb83018e351db64db867ed30dc15fb280d14c2d7ef810db423
SHA512

0bc18b7a5d118797595e7e647a24252f17742cad9bff2f2865c991ceb39d1457db4237dc231d6d534f5c0ab1f7ddec4ac66e2646641bc6f55581b0cd557e8cb1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Pedido 299.exe
- Size
  
  382KB
- MD5
  
  6cbbba154506fa873c3238ed362d9a5d
- SHA1
  
  a23e5d49fdbbc76007adf5b1bf743551a32e4d9c
- SHA256
  
  28f0397af278256b634686ba73bd16ab3344f29e3a4ed7fe486e2408ee52345a
- SHA512
  
  c05a95ffcb34669bb0e472445471c3aca8255f6071cbbe135b827809347964589315fe203e4eb1b4da4ff18fa06463ea0c24b67ef2e0427b6652148dfd607988
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateProcessExOtherParentProcess
- Formbook Payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

Formbook Payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2