formbook

General

Target

mmhr56001.exe
Size

251KB
Sample

211020-n87kbshher
MD5

20516c4fdd5362027e7383befed47ed7
SHA1

3e58bfa088d92fad5b748723e9e5efde54ab3f99
SHA256

19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
SHA512

f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  mmhr56001.exe
- Size
  
  251KB
- MD5
  
  20516c4fdd5362027e7383befed47ed7
- SHA1
  
  3e58bfa088d92fad5b748723e9e5efde54ab3f99
- SHA256
  
  19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
- SHA512
  
  f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071
Score

10^/10

formbook rv9n rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2