formbook

General

Target

tt copy 200393903.arj
Size

333KB
Sample

211109-xv98qscgek
MD5

20f5e1ff7fa3fc172615879fc425b094
SHA1

7aa7ac946f07c81bc9af393df2c63ec98e58b8e2
SHA256

cbdc5fba375e0c9798dba2c7f6fa8b093519cafd763569f34a9c9f88643f2aec
SHA512

73f15d848baa4ac992e108104ddab793a899819f0d2d0950f7727663dccfb5feb464c485adaaab2a5e212169a86e22b4578e0eaa9a69b106793b0d43fca855cc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  tt copy 200393903.exe
- Size
  
  671KB
- MD5
  
  e13f4dfcb77ff3beec28d80ff2a770db
- SHA1
  
  8c68e428f86c45a80e41b48593df327499052410
- SHA256
  
  853cf471b4618048136973c2fb757f26f28d701fbe804285fa52c6f7388b4d12
- SHA512
  
  f043ea57dd797542107ff0948f9d6a0d7af3f342a61c5f8ca3f3d1fdad4ec8d1eb472ec4b22edef96355dbf72a0c162e3392b6f7d31706c8816e47df9f5a72b9
Score

10^/10

formbook ob7y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2