formbook

General

Target

jay.jpg.exe
Size

334KB
Sample

211119-rjwcjsdee6
MD5

06b5ac3e328a63c8df78d784d8a69f7f
SHA1

3b7704352aaaa44b66db325872ea19e87422e072
SHA256

f88b638c800807dc39d987285c8b5fb675be68e8e4b5f4f919446c335a465c10
SHA512

d07b227dcc5caaf73a83f2c5d2a75d8cb5e88cf555b6ca20201ff7d37ee8e2f32ca47bd2ca5d5acbd6ea930392d018497149af83af50a993287137bc480c71ab

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  jay.jpg.exe
- Size
  
  334KB
- MD5
  
  06b5ac3e328a63c8df78d784d8a69f7f
- SHA1
  
  3b7704352aaaa44b66db325872ea19e87422e072
- SHA256
  
  f88b638c800807dc39d987285c8b5fb675be68e8e4b5f4f919446c335a465c10
- SHA512
  
  d07b227dcc5caaf73a83f2c5d2a75d8cb5e88cf555b6ca20201ff7d37ee8e2f32ca47bd2ca5d5acbd6ea930392d018497149af83af50a993287137bc480c71ab
Score

10^/10

formbook jy0b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2