formbook

General

Target

99448ebd6bbde5bf60ce33bffdddf07a.exe
Size

463KB
Sample

211117-sy7vkadbg7
MD5

99448ebd6bbde5bf60ce33bffdddf07a
SHA1

02cba5cd7ae83f06ce9d9e5c39d752a534e51a37
SHA256

b52df691d7fb9b73288ec52b8c8b3f3dc70e262ff8af122f275ac93300aede07
SHA512

c5b9163cd2926bd70d0e225294a5bb620151e317e7a8f2942fbdad1a9302559931e04d4d611b1b53f1f8aa03d7ea77039e6ada312d3efb4628648671cb471eee

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  99448ebd6bbde5bf60ce33bffdddf07a.exe
- Size
  
  463KB
- MD5
  
  99448ebd6bbde5bf60ce33bffdddf07a
- SHA1
  
  02cba5cd7ae83f06ce9d9e5c39d752a534e51a37
- SHA256
  
  b52df691d7fb9b73288ec52b8c8b3f3dc70e262ff8af122f275ac93300aede07
- SHA512
  
  c5b9163cd2926bd70d0e225294a5bb620151e317e7a8f2942fbdad1a9302559931e04d4d611b1b53f1f8aa03d7ea77039e6ada312d3efb4628648671cb471eee
Score

10^/10

formbook jy0b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2