formbook

General

Target

2030839873832939028083928792.arj
Size

326KB
Sample

211109-dnp5fabeep
MD5

559d0cc5b50660e923a217ed864e37db
SHA1

3c905331cb2089d3cce9f24af04c6774108936e9
SHA256

2c6b26fe3343b2c49bc7c8b06f1c2bf1ae01509ce60de6f9773e5f81816f0296
SHA512

4e57fa8c039ddf1a4b7e0d869863365912367b8b08827b97bfaa6e94fb7f50d1811f7eacc6237afb0d5833c73868dc03988a09f271647f265a18c7b8fcb04244

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  2030839873832939028083928792.exe
- Size
  
  664KB
- MD5
  
  3d44cf2cb66845f16622e1f0c405eef6
- SHA1
  
  96bb205353ccdd8480851a0092bd8554ef402cd3
- SHA256
  
  133c00d773c1e85f9a57c03d092b31784909714f7f23b7555020a9e15e4ef75b
- SHA512
  
  118306a84e5323045a2376dbda752adef03a549ae8fc2c209a8f2474e3fe28af1abe82de2d89a454d2898f10bf94d2f396d2652030cb48a66764c49ccc60c3d5
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2