formbook

General

Target

SCANNED-DOC.arj
Size

271KB
Sample

211109-pg14xafbg5
MD5

ed49013b8eb99026975e33c54aa46ef2
SHA1

1ede220368d50096da554c656316e155ac323214
SHA256

19e10d29182580693a9cc5d6ea3361bdb4a3c513222bb2635f23098aec3c3ff2
SHA512

e3e1a736ae73ad8a032bff0411a38e0fe991d89b4145c99829711eee4f2bb0b99cd96b92209389ebcbebe4f4bb175823f017800b58fbe3c6dd8c50ba8445fc7b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  3028893982802839.exe
- Size
  
  284KB
- MD5
  
  e1c2523d56fbbf2c1ae418d41304e531
- SHA1
  
  69438046997d5a30a7be61c51b7d6114e9408fcf
- SHA256
  
  f6c1dc28509953d4c7df0cd272714f2ba3de92f85b2ba90d071710580f1df635
- SHA512
  
  eee6c776dbd7efc0aab52ee16d7d2194933fabefe6f8c1e86215e06f88ada10334595dfc82f698df34b459b2429d5766e3c455caa796b6040568ddf41895fe71
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2