formbook

General

Target

DEVIS N�067.rar
Size

399KB
Sample

211110-xxk2mafbgl
MD5

68c00295f57f89bab456380b4a407d6a
SHA1

0a6d6e98a34f0bab8caac81fa3c0c5b8dcb92c28
SHA256

f10c64e049fdcd6ac4bbebf138646aa5628a4a8b34fe8d8efac95d6c387e557a
SHA512

96e34a9da7fdfc051d8f83358fbff5e075e65f364626bb95f8ebc5f1f78242a233b15584aa325f779da87d569c18cf5356323472485ce47b30d74fd3bbcbac83

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Commander une image.exe
- Size
  
  680KB
- MD5
  
  b3e2d7ec66475428e995c4e706c4b0c5
- SHA1
  
  0d160fb47d47af61a0ca2378bd9a0844c561b39c
- SHA256
  
  9e29b8e60bf7a0e9f21ed8cca2d3e713b11e9be0ed6990e69ebf8ab5b5083c17
- SHA512
  
  2d4a73c9c7622b2ef9cfe640abfe542534866093b96a3c2ab49b3ddba8d6d54859dfcf58ba38ea2bebb9435a80123cce1cb3e48a292b4cdd7d65bef6a25be2a6
Score

10^/10

formbook dn7r rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2