formbook

General

Target

100.cab
Size

237KB
Sample

211012-qf2vgscde5
MD5

f04e25a1af04d75f065797f0ababed1c
SHA1

762152ef50e960a405dd96e7362773d2fa600eb3
SHA256

3aaea5557bd49155eb2ab101f5e6deb75fd2538b0c08ead1cc06e2324d063317
SHA512

06e86cedcc9bab0d7b1aa2d9bc35da388ca005c392bb0505a1b35258f81b1a48104661147bddb2d98318b3bddf3c660e28757233ee3242cdccffe52b0dc57e85

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  orde443123.exe
- Size
  
  250KB
- MD5
  
  bfb2b5d00165cb4984c29c172e0dad8d
- SHA1
  
  e5baa4cfe4b0ec678910e94fc8785fd28605bb6b
- SHA256
  
  e6aaec2b958d4b734ff02c7c63b7e24a619eef826efb16b955ebe5306b9953aa
- SHA512
  
  d0d20eda540283ead0b873c27f047c7f433c4f85e1a8b890c8c4ef7daeebc91c691c2aad59de1eccca26cc8748ba123f55200a183dd7a1421f98dbd264e96815
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2