formbook

General

Target

pedido urgente pdf.exe
Size

973KB
Sample

211021-nfzc9abafr
MD5

42c8d23c057b69d3059dfd7bb4af736e
SHA1

a5f7fe4e31d69c1e452f513ba79b57ef57079b23
SHA256

d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
SHA512

b524f68ed82306acbc3422f6475071bb05e3c9e72510a70784e08f9b2561b962beba6847e4679bd24247c7899e84b7799b2f1171decab195a456e181725f3ad6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

C2

http://www.kmresults.com/n7ak/

Decoy

modischoolcbse.com

theneverwinter.com

rszkjx-vps-hosting.website

fnihil.com

1pbet.com

nnowzscorrez.com

uaotgvjl.icu

starmapsqatar.com

ekisilani.com

extradeepsheets.com

jam-nins.com

buranly.com

orixentertainment.com

rawtech.energy

myol.guru

utex.club

jiapie.com

wowig.store

wweidlyyl.com

systaskautomation.com

Targets

- Target
  
  pedido urgente pdf.exe
- Size
  
  973KB
- MD5
  
  42c8d23c057b69d3059dfd7bb4af736e
- SHA1
  
  a5f7fe4e31d69c1e452f513ba79b57ef57079b23
- SHA256
  
  d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
- SHA512
  
  b524f68ed82306acbc3422f6475071bb05e3c9e72510a70784e08f9b2561b962beba6847e4679bd24247c7899e84b7799b2f1171decab195a456e181725f3ad6
Score

10^/10

formbook n7ak persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2