Overview

overview

10

Static

static

1

online_pdf.com.exe

windows7_x64

10

online_pdf.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    online_pdf.com

  • Size

    491KB

  • Sample

    211105-jbvgaaahb5

  • MD5

    3cdbec5b22be037209b38ea585de4a50

  • SHA1

    f904a637406954b6d613152a0bbebfccc514dc3e

  • SHA256

    25439bd1af262e2afc1fffd901a00d423a77b1da0a6b5c23302e4744b5e0116a

  • SHA512

    da8fe366ca35b4eea7c998e0456baa6a5bff1cdca014564e0803823b89bfa5c55206e7f83dbfb6b8e38963ff194e9454001ac00c91cdd37c47801b17ce1aae96

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      online_pdf.com

    • Size

      491KB

    • MD5

      3cdbec5b22be037209b38ea585de4a50

    • SHA1

      f904a637406954b6d613152a0bbebfccc514dc3e

    • SHA256

      25439bd1af262e2afc1fffd901a00d423a77b1da0a6b5c23302e4744b5e0116a

    • SHA512

      da8fe366ca35b4eea7c998e0456baa6a5bff1cdca014564e0803823b89bfa5c55206e7f83dbfb6b8e38963ff194e9454001ac00c91cdd37c47801b17ce1aae96

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks