formbook

General

Target

b3368c7d14c040c8734d69b5bbc0c635.bin
Size

249KB
Sample

230711-nhzf2ahg8t
MD5

e897050f3c767ec4aea20fe4ebbf56bc
SHA1

a1b72895c8ee17deeb2a82001083c21252c4534f
SHA256

8354208b8987945d11ef05355867b4da0f3f9d230071cd513636d131a24051ad
SHA512

f6221bf6f3340d796e360495fcbe36338c92e926ab2720b67340f9056806c50c0ee54f419c43a1e818e9deb66c4b4070141d078fe9e90675099d6cdc84137df6
SSDEEP

6144:HPz9Z7Qg37okreMNKJq2xOxGSrDu4n4y2H8Ws6Om8zu:HPDsY7/Mq2xOxG0A8Wem8zu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  a8f5392112f282b9d32749631c3d85fc6b568dd0b3fe91ffb8c5c7215e3f7114.exe
- Size
  
  261KB
- MD5
  
  b3368c7d14c040c8734d69b5bbc0c635
- SHA1
  
  d34224b8b7e01e22292a7eac678d337f00834a2b
- SHA256
  
  a8f5392112f282b9d32749631c3d85fc6b568dd0b3fe91ffb8c5c7215e3f7114
- SHA512
  
  5b036fe1a1650b8fbf03b2d4a91692ad271ce3a7fd572d6256e7b8aa71d9a8849b610865e782d2ab8566b7c44ee61af8965ab922d9e7ea552cb04734aee39c34
- SSDEEP
  
  3072:FJ2S2L6KbqDCwcrMEEKsmO39oW1jSAI+ltOJ7y4UjjiJ0bUSgSBQ8QNn9lmDe5+W:F8LxBszXOyrSJm/bQN9laFexrODdtKRf
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2