formbook

General

Target

210293873747736464664GEH746464.PDF.ISO
Size

311KB
Sample

211114-cjxhaacgam
MD5

d9a98cc0142e660a8cdc1999ca8fe748
SHA1

2c7e62eafe9551741d489ec49cb54098f47cdd13
SHA256

2871bdbb1ceee094de078b9ffbfa018841072565f5a2177cfb2860f2f86189e1
SHA512

5f53aa4651597bcbffcd86358af3c280d89f51cd5017b73fead01d11c49af2222700316ed63651ed7a013dd26ce5a739b76d0aacb5459f36002a7cd41aefe2d1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  210293873747736464664GEH746464.exe
- Size
  
  649KB
- MD5
  
  50d1fc0f3ac939a140750b5b09e8267e
- SHA1
  
  32c48774e472eb67925f1db6bcc0b446c84c2676
- SHA256
  
  f0ce3a965f349d9686220460f1e32e3099352990b775521f9db8e45722a38729
- SHA512
  
  f05238ab9a3f985f59e9a986533cfeb13701f64cc689d87eb391873e68a8df006565ba0953c52cfc6c84d01e6bb0ed2ffdbca6854b8e29a181f5a8fd155cadee
Score

10^/10

formbook ob7y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2