formbook

General

Target

SecuriteInfocomTrojanGene.19914
Size

261KB
Sample

230709-srev7see2v
MD5

b3368c7d14c040c8734d69b5bbc0c635
SHA1

d34224b8b7e01e22292a7eac678d337f00834a2b
SHA256

a8f5392112f282b9d32749631c3d85fc6b568dd0b3fe91ffb8c5c7215e3f7114
SHA512

5b036fe1a1650b8fbf03b2d4a91692ad271ce3a7fd572d6256e7b8aa71d9a8849b610865e782d2ab8566b7c44ee61af8965ab922d9e7ea552cb04734aee39c34
SSDEEP

3072:FJ2S2L6KbqDCwcrMEEKsmO39oW1jSAI+ltOJ7y4UjjiJ0bUSgSBQ8QNn9lmDe5+W:F8LxBszXOyrSJm/bQN9laFexrODdtKRf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  SecuriteInfocomTrojanGene.19914
- Size
  
  261KB
- MD5
  
  b3368c7d14c040c8734d69b5bbc0c635
- SHA1
  
  d34224b8b7e01e22292a7eac678d337f00834a2b
- SHA256
  
  a8f5392112f282b9d32749631c3d85fc6b568dd0b3fe91ffb8c5c7215e3f7114
- SHA512
  
  5b036fe1a1650b8fbf03b2d4a91692ad271ce3a7fd572d6256e7b8aa71d9a8849b610865e782d2ab8566b7c44ee61af8965ab922d9e7ea552cb04734aee39c34
- SSDEEP
  
  3072:FJ2S2L6KbqDCwcrMEEKsmO39oW1jSAI+ltOJ7y4UjjiJ0bUSgSBQ8QNn9lmDe5+W:F8LxBszXOyrSJm/bQN9laFexrODdtKRf
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2