formbook

General

Target

Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe
Size

915KB
Sample

220124-t9ehtsfhcr
MD5

1c2de2d34e6b111a8d34a1628a38e86c
SHA1

8f3b4eb58153f5b4e0f18242d1d440326c1abe09
SHA256

b83152fc7fc7aa9950add1de9c3d12e107e3b6eb481c1a368018ed26d3792cdc
SHA512

18a0c2547f8654a75d15f268d969f7bebb4a2b959ba4d718d66c5e84afa8f11fc3caf885b646af999eaf4643097cbaacb5137722d0bd1ded8553c93e0e9e4006

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmfe

Decoy

boldaerospace.com

oleeoe.com

aucreuxducoeur.one

fatbellytonic.com

newfrontiermining.net

iphone13promax.guide

meltingpotspot.com

zuinigerijder.com

sigmagrup.com

thehekadivine.com

once-only.online

variouselectricianservice.com

xn--oy2b9rj5qfzo85aro.com

wuzuiso.com

inoutinsurance.xyz

company-intel.net

apppromaguginybuo.com

st666.tech

k-reborn-okayama.com

realteenpattix.com

Targets

- Target
  
  Ipahtnlwocyaqoffrglyqcoirkzejlxvhh.exe
- Size
  
  915KB
- MD5
  
  1c2de2d34e6b111a8d34a1628a38e86c
- SHA1
  
  8f3b4eb58153f5b4e0f18242d1d440326c1abe09
- SHA256
  
  b83152fc7fc7aa9950add1de9c3d12e107e3b6eb481c1a368018ed26d3792cdc
- SHA512
  
  18a0c2547f8654a75d15f268d969f7bebb4a2b959ba4d718d66c5e84afa8f11fc3caf885b646af999eaf4643097cbaacb5137722d0bd1ded8553c93e0e9e4006
Score

10^/10

formbook gmfe persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2