formbook

General

Target

Proof of payment.doc
Size

25KB
Sample

220111-ra56dsgbbl
MD5

72b5faa2facec80772b70a01bae1c0b0
SHA1

86bbe9fbc76392d2e7faa5815b3bd134b3e5b50c
SHA256

cec9a413c1844c029f7801e4d74e941215d8f328169ccb37fb909c73651bde6b
SHA512

15206180022ec808a7d3d68677b162af126a4d5a1fb5967ce43e2d9163ea98c78409ad6159edbc5c3686da6799f95cd75f57ed4f067e56205580322b2521f7fc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a83r

Decoy

comercializadoralonso.com

durhamschoolservces.com

onegreencapital.com

smartcities24.com

maquinas.store

brianlovesbonsai.com

xin41518s.com

moneyearnus.xyz

be-mix.com

fengyat.club

inspectdecided.xyz

paksafpakistan.com

orhidlnt.top

princesuraj.com

vietnamvodka.com

renewnow.site

imageservices.xyz

luxurytravelfranchise.com

kp112.red

royalyorkfirewood.com

Targets

- Target
  
  Proof of payment.doc
- Size
  
  25KB
- MD5
  
  72b5faa2facec80772b70a01bae1c0b0
- SHA1
  
  86bbe9fbc76392d2e7faa5815b3bd134b3e5b50c
- SHA256
  
  cec9a413c1844c029f7801e4d74e941215d8f328169ccb37fb909c73651bde6b
- SHA512
  
  15206180022ec808a7d3d68677b162af126a4d5a1fb5967ce43e2d9163ea98c78409ad6159edbc5c3686da6799f95cd75f57ed4f067e56205580322b2521f7fc
Score

10^/10

formbook a83r rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2