formbook

General

Target

uu5009125.exe
Size

256KB
Sample

211022-pgln8aceam
MD5

d1f76ed4210b6bbbf232271b8b198133
SHA1

a8407cfa0da5ecffdfeeb22a824f4e9fa368249e
SHA256

6e025a1d72e2abfb9c0fb6c945d3fcdbe2124c5d68d8f5fb09b8389bc30f799e
SHA512

de396811bc499eb12b2f02d79262d0dc4962d8e96a260ba493a70883edf79261c540709b5f957bea853bd810ba1934a3c9ca623a10726d1648cb1bd4a7093138

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  uu5009125.exe
- Size
  
  256KB
- MD5
  
  d1f76ed4210b6bbbf232271b8b198133
- SHA1
  
  a8407cfa0da5ecffdfeeb22a824f4e9fa368249e
- SHA256
  
  6e025a1d72e2abfb9c0fb6c945d3fcdbe2124c5d68d8f5fb09b8389bc30f799e
- SHA512
  
  de396811bc499eb12b2f02d79262d0dc4962d8e96a260ba493a70883edf79261c540709b5f957bea853bd810ba1934a3c9ca623a10726d1648cb1bd4a7093138
Score

10^/10

formbook rv9n rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2