formbook

General

Target

Factura de proforma.exe
Size

973KB
Sample

211021-qs3ybabcan
MD5

3b28cc0c40a9122c19279e34ede6b2a6
SHA1

2c97655615b623605be40e708295e12499674640
SHA256

c4b4ddf8aec0347fd4640a12009f51ba60ed1b202e18b421a3faef74bfe18ea1
SHA512

95fc3c78c572285fa8b13993dab2cf25e5c2efbe6aa40930c7745d5b3f3bdecb14a51f6a3f78ac66ec5307b7a97d4843615f78639b5d815f16b4b31e086e3d08

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bc3s

C2

http://www.topei-products.com/bc3s/

Decoy

anna-ng.com

mariangelamata.com

szqnbl.com

nesherguitars.com

mysekrit.com

againbeautyviensui.xyz

appf.life

bilalsolution.com

technoratii.com

11restoran.com

birthingly.com

crystalcarrillo.com

cohenasset.info

bunchofdesign.com

highstreetmag.com

talentkerning.com

outdoor-glassesadvice.com

aliceeety.com

habbuhot.info

pao91.com

Targets

- Target
  
  Factura de proforma.exe
- Size
  
  973KB
- MD5
  
  3b28cc0c40a9122c19279e34ede6b2a6
- SHA1
  
  2c97655615b623605be40e708295e12499674640
- SHA256
  
  c4b4ddf8aec0347fd4640a12009f51ba60ed1b202e18b421a3faef74bfe18ea1
- SHA512
  
  95fc3c78c572285fa8b13993dab2cf25e5c2efbe6aa40930c7745d5b3f3bdecb14a51f6a3f78ac66ec5307b7a97d4843615f78639b5d815f16b4b31e086e3d08
Score

10^/10

formbook bc3s persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2