formbook

General

Target

2b1539eebb7c85895026ddcd1e0b062c0d9783d90c7f86236f64f42c2e8d81ea.exe
Size

416KB
Sample

211011-wn16tahgcr
MD5

a40d9c6f964664b6b5a3ec4ed532df6c
SHA1

4c1b1a2a6610c2f262c41112364e6629d11eb7f9
SHA256

2b1539eebb7c85895026ddcd1e0b062c0d9783d90c7f86236f64f42c2e8d81ea
SHA512

be4f84af50a13e4527d0da3c4ec91aae2ea2ee52e40066699fae1a11265f734d21c84b59c6ab58219014755c33ceb1b92ff13580b09b475644b40673231652b6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  2b1539eebb7c85895026ddcd1e0b062c0d9783d90c7f86236f64f42c2e8d81ea.exe
- Size
  
  416KB
- MD5
  
  a40d9c6f964664b6b5a3ec4ed532df6c
- SHA1
  
  4c1b1a2a6610c2f262c41112364e6629d11eb7f9
- SHA256
  
  2b1539eebb7c85895026ddcd1e0b062c0d9783d90c7f86236f64f42c2e8d81ea
- SHA512
  
  be4f84af50a13e4527d0da3c4ec91aae2ea2ee52e40066699fae1a11265f734d21c84b59c6ab58219014755c33ceb1b92ff13580b09b475644b40673231652b6
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2