formbook

General

Target

customs docs.exe
Size

332KB
Sample

211119-k9md1achg8
MD5

4e42888ffbe2082ce98d4375eb9c3794
SHA1

d8c46cc203e6d92bf607d2637d37937dc08466f3
SHA256

10a4841b7d56afca3aad568e29fcd3c44f3a0d893aef62ee32471847be405797
SHA512

b1c3861f56fe907dcbef25beeda63ebdc2000381c80fcec44018d7b41963174c06ad9f765571ecb8c3796437ddd17317bbc3a1e152ef44e5575538bc84bf23f1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  customs docs.exe
- Size
  
  332KB
- MD5
  
  4e42888ffbe2082ce98d4375eb9c3794
- SHA1
  
  d8c46cc203e6d92bf607d2637d37937dc08466f3
- SHA256
  
  10a4841b7d56afca3aad568e29fcd3c44f3a0d893aef62ee32471847be405797
- SHA512
  
  b1c3861f56fe907dcbef25beeda63ebdc2000381c80fcec44018d7b41963174c06ad9f765571ecb8c3796437ddd17317bbc3a1e152ef44e5575538bc84bf23f1
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2