formbook

General

Target

rrte40912.exe
Size

251KB
Sample

211026-q7jszshfc4
MD5

a899be6f029cfd854ec4a7ba4ed3cb18
SHA1

27d5d4f94ef4ecf3b31037c13e7aba6c2ec91b1f
SHA256

beb458006bbe9796bf068d0c752a43d5142898dbbd3fa68fca6abc3684471e5e
SHA512

126f380d3a4c69b23288d3e0b9f39252e24bed81883abd1d24b1e0cb71ae6c0acdf509eed3e5ea9b3b3033fda06f5734a6d81b505b5368051ff93f80bf4f006d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  rrte40912.exe
- Size
  
  251KB
- MD5
  
  a899be6f029cfd854ec4a7ba4ed3cb18
- SHA1
  
  27d5d4f94ef4ecf3b31037c13e7aba6c2ec91b1f
- SHA256
  
  beb458006bbe9796bf068d0c752a43d5142898dbbd3fa68fca6abc3684471e5e
- SHA512
  
  126f380d3a4c69b23288d3e0b9f39252e24bed81883abd1d24b1e0cb71ae6c0acdf509eed3e5ea9b3b3033fda06f5734a6d81b505b5368051ff93f80bf4f006d
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2