formbook

General

Target

tt copy 200393903.exe
Size

671KB
Sample

211110-xrzb3aaaf7
MD5

e13f4dfcb77ff3beec28d80ff2a770db
SHA1

8c68e428f86c45a80e41b48593df327499052410
SHA256

853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12
SHA512

f043ea57dd797542107ff0948f9d6a0d7af3f342a61c5f8ca3f3d1fdad4ec8d1eb472ec4b22edef96355dbf72a0c162e3392b6f7d31706c8816e47df9f5a72b9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  tt copy 200393903.exe
- Size
  
  671KB
- MD5
  
  e13f4dfcb77ff3beec28d80ff2a770db
- SHA1
  
  8c68e428f86c45a80e41b48593df327499052410
- SHA256
  
  853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12
- SHA512
  
  f043ea57dd797542107ff0948f9d6a0d7af3f342a61c5f8ca3f3d1fdad4ec8d1eb472ec4b22edef96355dbf72a0c162e3392b6f7d31706c8816e47df9f5a72b9
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2