formbook

General

Target

N001028.bz
Size

270KB
Sample

211028-wp566aggep
MD5

12da38a608b5f281fb6256cf0f730dab
SHA1

90a9b30bda107ccf98a9d16d2d88bdb0415498d6
SHA256

0aad345b493a91de830d383b647d9f51ea224f134de6e60a8afe95ba8e29d24b
SHA512

fcfa6e8de3fbcf6870fbe019f698ba0bc29b64f01a00aa3a89cd79944082aa1e463b1037efba60bb8bdc61b59958f1618fec29a3795bf150086173dc04a97724

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mg0t

C2

http://www.q0yczwyc.asia/mg0t/

Decoy

3949842.com

webxdigital.net

dirums.online

metawiser.com

takefreepass.com

colphata.com

searchwebsafety.online

unrule.net

merch.ventures

tooreake.xyz

leonelaperu.com

qiangcai.xyz

cocco24.com

lovinganime.com

mbfad.com

historytodaygameshow.com

gadgetwellprotected.com

nutritoken-diet.com

liberty-lilies.com

singleofficial.com

Targets

- Target
  
  N001028.exe
- Size
  
  282KB
- MD5
  
  61e09b1e377cbf8017861bfd9dedfb55
- SHA1
  
  2ce56c49d71b9771a837f00b9e9ec58cfe53afad
- SHA256
  
  61caa9b68c303d1fb37e196154c0bf9a460441673084a307028a88002e10fd94
- SHA512
  
  e4ed7e7b827cf2298cd8b643a6feef07657f0c654b6a22b00d68dd251580214db6546ef79ef4c8575bc16e7e8f51f765f7980152801f82b812b65ad9e4fe5a70
Score

10^/10

formbook mg0t rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2