formbook

General

Target

PURCHASE ORDER.doc
Size

20KB
Sample

211117-rt5zqshhdr
MD5

24872831ee195b2e47de970c480da95a
SHA1

630e777e9aa508c80c276a38f03e7ffc3f76f574
SHA256

fc8b0c765bad790308ddd1865cc47009348aef515b4edbd2bee5c17dbecca1a7
SHA512

d2b93bf5e5971612d033ff49c5e19c79cc9631f111d0a07222919da3d18504d3ab5186722e1d33cd76906acd80e602548a88358415568b1a36bb9f515cb0ef1b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

- Target
  
  PURCHASE ORDER.doc
- Size
  
  20KB
- MD5
  
  24872831ee195b2e47de970c480da95a
- SHA1
  
  630e777e9aa508c80c276a38f03e7ffc3f76f574
- SHA256
  
  fc8b0c765bad790308ddd1865cc47009348aef515b4edbd2bee5c17dbecca1a7
- SHA512
  
  d2b93bf5e5971612d033ff49c5e19c79cc9631f111d0a07222919da3d18504d3ab5186722e1d33cd76906acd80e602548a88358415568b1a36bb9f515cb0ef1b
Score

10^/10

formbook ob7y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2