formbook

General

Target

Purchase Order.doc
Size

221KB
Sample

211021-z87qwabfem
MD5

42686e015262b24113364a15b0ee4983
SHA1

f15fc92c8fcdd53b212993b0f1bf12e68570e114
SHA256

59ec21c2cbea8337c61be946ea039cce2316085c64f83aff71e2fa2c72517104
SHA512

785f2eb844579705535b4c068759b67c25840f5ecab9033b15fa8645b1aabdea22bc598e6f0d2ca04fecb9dfade07c05b1a161d9c72c08b72b2e63b56510651a

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  Purchase Order.doc
- Size
  
  221KB
- MD5
  
  42686e015262b24113364a15b0ee4983
- SHA1
  
  f15fc92c8fcdd53b212993b0f1bf12e68570e114
- SHA256
  
  59ec21c2cbea8337c61be946ea039cce2316085c64f83aff71e2fa2c72517104
- SHA512
  
  785f2eb844579705535b4c068759b67c25840f5ecab9033b15fa8645b1aabdea22bc598e6f0d2ca04fecb9dfade07c05b1a161d9c72c08b72b2e63b56510651a
Score

10^/10

formbook jy0b rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2