formbook

General

Target

dhlexcel9078.excel.exe
Size

462KB
Sample

211025-m45dqsgheq
MD5

f70df4cd6c3bb5f98021586d550d47d7
SHA1

297d8d7a7c8524914d78892e51fe92b034c47bc1
SHA256

5898ff655531cce98050d6ac064d14b5e64249c3e8a01110e12b46e93bf72de9
SHA512

5eb7a7a7b8866d2a7f5b95cf51aa33b118f602d67fb99401bb56f025a6e5fb06c9e16022f6e8e42f2f64d0f857a7d5fe8a7d100de0ea40661cc37cefdff23488

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct6s

C2

http://www.metalzj.quest/ct6s/

Decoy

liaquatsibtian.com

erisa.cymru

theultimateone.world

petpartner.info

edison-press.com

ryanmurazik.icu

bukasystems.com

kitsusimplex.com

qatarstyleart.com

brkhot.top

paehdfdtrujdfhs.xyz

createdbybonk.com

kuihoon.com

deathtocustomerservice.com

iotimb.com

greendiamond.pw

millionaireproducers.academy

websitemolsa.com

cbshomeimprovement.com

eardunder.quest

Targets

- Target
  
  dhlexcel9078.excel.exe
- Size
  
  462KB
- MD5
  
  f70df4cd6c3bb5f98021586d550d47d7
- SHA1
  
  297d8d7a7c8524914d78892e51fe92b034c47bc1
- SHA256
  
  5898ff655531cce98050d6ac064d14b5e64249c3e8a01110e12b46e93bf72de9
- SHA512
  
  5eb7a7a7b8866d2a7f5b95cf51aa33b118f602d67fb99401bb56f025a6e5fb06c9e16022f6e8e42f2f64d0f857a7d5fe8a7d100de0ea40661cc37cefdff23488
Score

10^/10

formbook ct6s rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2