formbook

General

Target

MT103-SWIFT TT ADVICE.PDF.BZ2
Size

333KB
Sample

211109-na1dcscbal
MD5

1102f0447cf88556e779a540b1b75ebe
SHA1

0a5989c0cdd3e083b4a3916890451bd2e18f1d86
SHA256

8517770c72b002e6ad9aecf7d39838eb9806c7420e257068890cda6dcc59fd76
SHA512

4c5b0e4431b59a2edf97bdc48b056671be0d19c7d11201775898e45e55cf341e05017b9fa9a508e3da00228fc495d402250ace6b3f2ebb4be9343ba3468324b2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  MT103-SWIFT TT ADVICE.exe
- Size
  
  671KB
- MD5
  
  e13f4dfcb77ff3beec28d80ff2a770db
- SHA1
  
  8c68e428f86c45a80e41b48593df327499052410
- SHA256
  
  853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12
- SHA512
  
  f043ea57dd797542107ff0948f9d6a0d7af3f342a61c5f8ca3f3d1fdad4ec8d1eb472ec4b22edef96355dbf72a0c162e3392b6f7d31706c8816e47df9f5a72b9
Score

10^/10

formbook ob7y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2