formbook

General

Target

DBS.cab
Size

272KB
Sample

211015-vsmnjsbhen
MD5

643fd18055afdb5e1cec441f2ce414cd
SHA1

ebb7555465e3651ca8efaf82b5b5a98cb473c7d9
SHA256

8a8fd3b40dfdd6add285caa0670b678a6fc7c65cbf1ba487fed174789ccb7793
SHA512

c7cbe3ee5ea513ad76a2413c251e748dede83f283d70270c7280ecdcf2a51b05227769de49f3c9526e57761a253c04754b8390493dafb98cc59d0630b5ff5649

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  ghfg5776.exe
- Size
  
  284KB
- MD5
  
  bb0932c47b65c0ab72b9f9b87e26e292
- SHA1
  
  6a60a4798b6f4ded51f845c1c980b216b19ffc04
- SHA256
  
  90be634820b42505da42769e83ebc62ab133090c810b64140c551fc4136c5fe7
- SHA512
  
  51942eafa04c2abb8f0000400e16dd95b34d318d4e6592550c1fe884eb24b1132cfa946346f9a149042a2519800fa39f56e64082e0fa65eb30848687112f6548
Score

10^/10

formbook rv9n rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2