formbook

General

Target

9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118
Size

260KB
Sample

240403-bhz2cabc3t
MD5

9c05d1ae12cc58702c8a54ad739b9551
SHA1

4f2435a19956ebbe4acd214c65428a36337f7abd
SHA256

59202d95bbcb9a85624ae56b93adeecc94b476a0131fe4670b718439ae4da1c9
SHA512

10c9ae58247631a80f9afdcd688684bd7e81be8cf059e1bb85d55cb43737197fcbc19a9f82806fb059c948b59dd6abac588b5e04a072c67f722b852ab6e9f4f1
SSDEEP

6144:F8LxBsOIdSIHJKM7xTTGYsmLMJKsYTwnXfK8fJV4:/OKlgVmcYMnXfp4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118
- Size
  
  260KB
- MD5
  
  9c05d1ae12cc58702c8a54ad739b9551
- SHA1
  
  4f2435a19956ebbe4acd214c65428a36337f7abd
- SHA256
  
  59202d95bbcb9a85624ae56b93adeecc94b476a0131fe4670b718439ae4da1c9
- SHA512
  
  10c9ae58247631a80f9afdcd688684bd7e81be8cf059e1bb85d55cb43737197fcbc19a9f82806fb059c948b59dd6abac588b5e04a072c67f722b852ab6e9f4f1
- SSDEEP
  
  6144:F8LxBsOIdSIHJKM7xTTGYsmLMJKsYTwnXfK8fJV4:/OKlgVmcYMnXfp4
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/sqxq.dll
- Size
  
  27KB
- MD5
  
  3d2e7f16f238ac79b3d0e21a753ae79e
- SHA1
  
  ee53d37f5f1a86ddb7e1b6faa063d4afbabcf771
- SHA256
  
  afa62df6a2905e93ab1f59b5bd24856a88f735cd3930e7701a22a1988d3d475c
- SHA512
  
  e9764e730f2b3eea3d769649164a41f10b8e0be865e8a76ba65220b20d8b122bb6dad1a2be8b87fe861960eecfb11b9f836ac93d17fcb218c0201d6a17545ea5
- SSDEEP
  
  768:1oFOzbc9RWl6YOFbzdAk3anbKgPSUm6At0wvM1W:6UbUWl0aUaVAN0wvIW
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4