formbook

General

Target

f3512395f5dc2b8bfa0bbca4bedfe15f_JaffaCakes118
Size

252KB
Sample

240416-mqw57sab7z
MD5

f3512395f5dc2b8bfa0bbca4bedfe15f
SHA1

a81f400dd105d3041fef6a84c42874b216b68162
SHA256

79bcbfe90332fe976229f75f64723adcf0db4a0df4a088b1370fef38f20a6630
SHA512

f13481c1c190eeb8ebd22ca7ca633ef7f61b288e8f82029ebf73714bcf2bc56a8102bf01fea0a65f437dc2d659cc32e5e18152254c8577df6fe62b1e5c99ed1b
SSDEEP

6144:wBlL/c2QY/Wpo6H/uvspndzM3Q4WRPngKawZbjW:CeUepB/1pndzlLRPgKtE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  f3512395f5dc2b8bfa0bbca4bedfe15f_JaffaCakes118
- Size
  
  252KB
- MD5
  
  f3512395f5dc2b8bfa0bbca4bedfe15f
- SHA1
  
  a81f400dd105d3041fef6a84c42874b216b68162
- SHA256
  
  79bcbfe90332fe976229f75f64723adcf0db4a0df4a088b1370fef38f20a6630
- SHA512
  
  f13481c1c190eeb8ebd22ca7ca633ef7f61b288e8f82029ebf73714bcf2bc56a8102bf01fea0a65f437dc2d659cc32e5e18152254c8577df6fe62b1e5c99ed1b
- SSDEEP
  
  6144:wBlL/c2QY/Wpo6H/uvspndzM3Q4WRPngKawZbjW:CeUepB/1pndzlLRPgKtE
Score

10^/10

formbook dn7r rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/rabh.dll
- Size
  
  31KB
- MD5
  
  208415055314d6c3d5a14dd72fbddd5e
- SHA1
  
  d4bc642a44ae2c9199affb94aaf04c63b9d274f0
- SHA256
  
  7db0677b2eefaabe1940417354dc5c59ac0ee2d54ec17d9d19986bc27cac1fc8
- SHA512
  
  8f355f2fd60e58ac2c998cb2d72730ab607f3407cc1e3fdb10c873c2b91dbf2e6a5c46836ea036045b7daf41c7e5fd9eb0a388588ef615c9c0911b4a961f3e7b
- SSDEEP
  
  768:U3C172fwsiuM4FQcCw6OYTYQoccnuUkER7SYy5Oy:v7+iuZFQtOMYwcRmYy
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4