formbook | 7b2d58fc166483d629c34ce43755517784fd00eb691aec1037e333f3759fcf49 | Triage

Sharing

General

Target

001100202021.lzh
Size

384KB
Sample

211102-pvmhnshedn
MD5

8b2f379ffe86b4ad0ef434942b512d8e
SHA1

0774a83d385d18253d0f6e7b02a3699af20c443b
SHA256

7b2d58fc166483d629c34ce43755517784fd00eb691aec1037e333f3759fcf49
SHA512

ccde975745d4faeeb58bc38be4f1641dc1a99b0e2e62abe6e1ab597bcacd7c4b437555dca8aff782d3e81c958c84cf4d6ed3b4b61ad855b1ca2b993ff997dc2f

Score

10^/10

formbook u1bs rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1bs

C2

http://www.vgmpradio.com/u1bs/

Decoy

ln-safe-keepingmisva4.xyz

rtfh.xyz

awolin.link

metadlf.com

cardboardcasual.com

psicoterapiahablada.com

spaminator.xyz

hnjqzl.top

dentalyinovasi.site

biosynblas.com

zvyk.store

shreevishwakarmaservices.com

showersplash.com

norbert-roth.com

londoncapitaltraders.com

istanbuldonerkebabheroncity.com

realdiscountsnow.com

marlinplumbingwnc.com

magazinadziavane.com

qantv.com

Targets

- Target
  
  001100202021.exe
- Size
  
  462KB
- MD5
  
  54c9006a6634870e0f02fca2b6ba0d4f
- SHA1
  
  7a3fffad9a7be88516c8004e9e6b55fcf4757e35
- SHA256
  
  62678459c076b6993bbe9cc617bde236afe8a87906f5de98adc375665ba0a84f
- SHA512
  
  295ccdd3a3ff79957d559d9cdb9a8d8f2d6fbf471667516a03e0a127395ad33927e3b80f0245229a208fe1460a4def93542b551e1eb5bb5cf0cd428a59f7f697
Score

10^/10

formbook u1bs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooku1bsratspywarestealersuricatatrojan

behavioral2

formbooku1bsratspywarestealersuricatatrojan