formbook

General

Target

bnvver12345.exe
Size

258KB
Sample

211004-twamqagfd8
MD5

81a3fbaed8ef79687f45554966985c20
SHA1

256c21d905602953d3beff30aba518af5b9bef2f
SHA256

d16da4e6a63f26601dd3c961f31708db79be1aead7cf3834fafa47095b1a45a6
SHA512

589e4211fd177a11bffd16d5ae32abf646e94c3eb338a2ce9c3d8eb92581fd2a45daf03b22a26bf7347db4ed3280046c1d5f4c14d3b4f3a541fc6f947a8d54b4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  bnvver12345.exe
- Size
  
  258KB
- MD5
  
  81a3fbaed8ef79687f45554966985c20
- SHA1
  
  256c21d905602953d3beff30aba518af5b9bef2f
- SHA256
  
  d16da4e6a63f26601dd3c961f31708db79be1aead7cf3834fafa47095b1a45a6
- SHA512
  
  589e4211fd177a11bffd16d5ae32abf646e94c3eb338a2ce9c3d8eb92581fd2a45daf03b22a26bf7347db4ed3280046c1d5f4c14d3b4f3a541fc6f947a8d54b4
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2