formbook

General

Target

RFQ.7z
Size

239KB
Sample

211018-vh9qbsdhd7
MD5

0edbcc905729ab339330ce71774db8d7
SHA1

7c141b51aaa6b0f7d4053f3fa652fa19cb4fa4f5
SHA256

0d69c9eb2b2f399ff9df0724e08963a0be9f957013c2f78899d7b7a92930227d
SHA512

ae716760aae3a9b6aa83a575c59b7c9bf4fd46d7d42a1f4165335fc413225dc22c7546f213592ab898896a5cf677c85a1e862bd86af1beb85ed7b5341b7cc722

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Specifiche dell'ordine.com
- Size
  
  252KB
- MD5
  
  58d5b91e06edbf8ace5b5ebe98cdf558
- SHA1
  
  39c4c5887e7f0d0165dfa4ab9d1d48583f33b529
- SHA256
  
  0cdc382e574649336b29e110c3d121e8158e895b3d2de22ba5db63fa61cf01c8
- SHA512
  
  2071222a8bf6c4e969a2c2a2c987b163cbc7bb0380983ced1bcc7e79aa7ae9fc96479a565c479602b70b7530b6008514786fbdce7e202df38415e6a2d3599e7f
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2