formbook

General

Target

HSBC26072021-C2010004V2.ace
Size

949KB
Sample

210726-ldnpbdbdds
MD5

31c1b980298e6795c742a59ee3def9b6
SHA1

552bac2ee56aeb64e56a114e3d004e57484e822b
SHA256

d41352472768143aa9f566f7e8ee45f9e740e0873a8cc0b46786149f9fc73bcf
SHA512

ca636978183932b38e2f08c38d302f7ce15aa1634a276179adb493b615d3ce4412f707246d92b643629bac2abd8830775ade8917e5855833fe514e9a91afa70e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.cryptoinhindi.online/nmks/

Decoy

sunaoto.net

uddeshyaheen.com

memesyndicste.com

wellnessbytanyabawa.com

winabeel.com

santabirria.com

whatmattersindia.com

3rdimultimedia.com

koukismile.com

hellobabymoccs.com

marziehmakeup.com

faiyou.com

redbarnprovisions.com

odmgl.com

usevino.xyz

csyczp.com

gutfeelings.club

coscos.xyz

moodoo.icu

thedarktechnician.com

Targets

- Target
  
  HSBC26072021-C2010004V2.exe
- Size
  
  1.3MB
- MD5
  
  101e2a9db2554e093f3b29b86caa5afb
- SHA1
  
  cc8ce1086cc00406b1b7d28a7b0966e991b846fa
- SHA256
  
  8d2253cbd99e88a8b1d98a75782097ab5f6159a0360ed1bcd2c82d283590bf2f
- SHA512
  
  cbd7f0cc5e17785cd1b46bef16b2c38a47ef778fa7e8d8145df23c163ed89214e07b61ff860437b4f282b640371efc6622e68185ffcbd63dd0ab7db79b01c43b
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

CustAttr .NET packer

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2