formbook

General

Target

Purchase Order.rar
Size

298KB
Sample

211026-vakq8shhg6
MD5

0008a1f647cfb82c74b0b0c24c131de9
SHA1

ece3a8c8e782e48b1c1002b9209c73b28b22afd1
SHA256

9b678f11bc59926928b5b63dc25023caa20f4b1c7c9d0831aa70272d2404b681
SHA512

239fec0bbe69ef576d54eb7a456d47001ab7929ea0b9e2c57056258e124b65e8c97353d11e5456ffaebe25eafbe53569aa22d7801432bd1df1dbb5ffd4fe0cd3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Purchase Order.exe
- Size
  
  381KB
- MD5
  
  8d3e4ec645035a23fa7ab2d680c32dc7
- SHA1
  
  c0eb8698c0117052af566f1128c468a06e1c0161
- SHA256
  
  b5806010e9548290a677944c53947165287883961f63490ce495203e35521ffe
- SHA512
  
  4e777d18685052678060eeb8a5621b6e7008be794ec410cca2401a76c384097be5fb14071637c6ebba258d65dad97be69ecdb10c2cfad832d4f0f5760e108d01
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2