formbook

General

Target

39203048BYW2993849483.arj
Size

318KB
Sample

211116-r5wkfabcdj
MD5

948d71dbee946084f9ff54ef95034e32
SHA1

c6960c823677e80c32a3e7210fdd31ef888c54f5
SHA256

5fcec8d30f9e07ed3c76fea473d5f53b4d3194c3c6b433bfd3e4bc27ae3a938e
SHA512

26c4410fd64381e2d7f3d46bf689d9219d2d3237bdcb2c56b73413bbe7d14c837119d7df90d749337be2c49fc06b6feb7b3163f0ec5e316c87d7a75fde24ea46

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  39203048BYW2993849483.exe
- Size
  
  656KB
- MD5
  
  969c9f98fb5d2de8c9f4951a2dedc571
- SHA1
  
  5c8963a46a2f492500b9f113f9457772d5ad1d9a
- SHA256
  
  b7602e7d309795640e020a679f93dfd3cb890bc9073a8ead233ab5323c6e0551
- SHA512
  
  fd4ae7646c686e4032c80c2c36dade002cc9e2910069dde09952215e8ccbbbdea9cf40bc1bf14005675aed322627582713a2a4344ee5d209ddd239b12fcde3de
Score

10^/10

formbook ob7y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2