formbook

General

Target

Order.tar
Size

309KB
Sample

211124-fmenesfbd7
MD5

4170627dcec51bb3bcfadeeb07d2c757
SHA1

4984981c9a8646206d87cbb64431a9ac1a97e6e6
SHA256

781e3013d88b29caad7bab2c39fd52ee713f3c4a3a900ec308fd96c9a43696be
SHA512

505ce46cd33bf4c38c11b00955c70076689286a75f163f9e0a6213b75100b7f6c02df0ea9f12256219302560ecf757d81553f23fc470e809c4ab45e09a484abc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  Order.exe
- Size
  
  307KB
- MD5
  
  f3a6e703757d07b4908dfa6e8f57cec9
- SHA1
  
  4aea9bbc639998c761b2e05ae62d93b3f4d2961a
- SHA256
  
  4ccf60e5bb299832bc6ff0b439a7bf76457a890aff9e82ba21d6d415e30e565d
- SHA512
  
  62d253129df982bb1ea593390d5a4350d3f20ab00fc59af5f2a754e793554aecb4790822cf7561c1299427be4059fbf7a246050b185e0070d39ccab9a6e2b16b
Score

10^/10

formbook jy0b rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2