formbook

General

Target

imágenes de productos pdf.exe
Size

973KB
Sample

211021-nf1w3sbagj
MD5

1e01b5e7d7e52dc849c271f8327fabd6
SHA1

efa560d817c867c38c4a75519830abacb4be2812
SHA256

a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
SHA512

6d7e41f576f88d6a2c3ab951db921def360cd8fe2db8dc542edfbe93a6f8ab10d6ba96538239ac158bdb43f2b14bfc562da6870fd85297c3690b40c5b5b3658e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

C2

http://www.kmresults.com/n7ak/

Decoy

modischoolcbse.com

theneverwinter.com

rszkjx-vps-hosting.website

fnihil.com

1pbet.com

nnowzscorrez.com

uaotgvjl.icu

starmapsqatar.com

ekisilani.com

extradeepsheets.com

jam-nins.com

buranly.com

orixentertainment.com

rawtech.energy

myol.guru

utex.club

jiapie.com

wowig.store

wweidlyyl.com

systaskautomation.com

Targets

- Target
  
  imágenes de productos pdf.exe
- Size
  
  973KB
- MD5
  
  1e01b5e7d7e52dc849c271f8327fabd6
- SHA1
  
  efa560d817c867c38c4a75519830abacb4be2812
- SHA256
  
  a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
- SHA512
  
  6d7e41f576f88d6a2c3ab951db921def360cd8fe2db8dc542edfbe93a6f8ab10d6ba96538239ac158bdb43f2b14bfc562da6870fd85297c3690b40c5b5b3658e
Score

10^/10

formbook n7ak persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2