formbook

General

Target

29383773738387477474774.arj
Size

279KB
Sample

211112-nbwrkadcd7
MD5

bc638009973bd44bd15c2bb3aab7c877
SHA1

88d30d24593b59ae93ffbdceac2f20c7ddd7fa30
SHA256

b04e5861b2a7f6ceb725dcbc23480f5ec1e212bcdc40c1d7bdbf4d8b3a346319
SHA512

50e9b59a7028bf179820217d3deadfb6b686ebfa9bd150e58449eeb965f61b917d1d6e796f264c04599ce1914609168a12ebf8c72ccbede90284cc219030ae90

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  29383773738387477474774.exe
- Size
  
  617KB
- MD5
  
  5acf0ea10b1a066dc0e959b16775b65a
- SHA1
  
  53c8f522717f86b011396816a2ded4d01a33b0c8
- SHA256
  
  418718725035504832c3febfb2372a9a5bb117d9811dcc67d1f290f8dd9900f4
- SHA512
  
  377a4ef79d36e4d91542a2d8f1e47c06d13f78ed12e3047b5a933a04e6cb2bb2d3a11d93f3983818b02e3984338de1e7c2ff0d910b0c436fee2cd840c7ca17e3
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2