formbook

General

Target

Payment.doc
Size

506KB
Sample

211101-lpmppshdf7
MD5

dc8382a437175146d43b5fccc5f96e22
SHA1

5c7926c514c5bdd3b90dd7505b6943b1487a3b1a
SHA256

d250d500cf7203a1e5a0cd460746d7e6b95e41b1fa7dafe6dd8fab07626aa675
SHA512

0ce19536f6e98913eeb1577e2b64f1b428b033bb2a3188417f4530a3912c2549a66ddd0136735aa19eb196283d80f50df0e405903cc70df91d0126e8cf2ffba7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  Payment.doc
- Size
  
  506KB
- MD5
  
  dc8382a437175146d43b5fccc5f96e22
- SHA1
  
  5c7926c514c5bdd3b90dd7505b6943b1487a3b1a
- SHA256
  
  d250d500cf7203a1e5a0cd460746d7e6b95e41b1fa7dafe6dd8fab07626aa675
- SHA512
  
  0ce19536f6e98913eeb1577e2b64f1b428b033bb2a3188417f4530a3912c2549a66ddd0136735aa19eb196283d80f50df0e405903cc70df91d0126e8cf2ffba7
Score

10^/10

formbook jy0b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2