formbook

General

Target

6HGB5SHl8XtnFWx.exe
Size

485KB
Sample

211005-qzpn9shha8
MD5

b49ae4462f5ed9597f6f3646091c707a
SHA1

0346b7e8e054c151735647d469f265028019bd2e
SHA256

90e6f10a0caabd250a9d43d12982b5861ec160177d99ad07ce68bd18d103736c
SHA512

bbecb4e15aa7bf37b440ab87d5aaaa1e7576aecd901da5e108113dc9dbd893c02eff69c205b33fe0996ab104cfb7bb909c012cc3383f766ab3180cf0d924877b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  6HGB5SHl8XtnFWx.exe
- Size
  
  485KB
- MD5
  
  b49ae4462f5ed9597f6f3646091c707a
- SHA1
  
  0346b7e8e054c151735647d469f265028019bd2e
- SHA256
  
  90e6f10a0caabd250a9d43d12982b5861ec160177d99ad07ce68bd18d103736c
- SHA512
  
  bbecb4e15aa7bf37b440ab87d5aaaa1e7576aecd901da5e108113dc9dbd893c02eff69c205b33fe0996ab104cfb7bb909c012cc3383f766ab3180cf0d924877b
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2