formbook

General

Target

60359238.doc
Size

433KB
Sample

220125-m716gsefdj
MD5

a6121446855363480ca874174bce64f0
SHA1

2223a360b95091745ce56b7faf2f59900d5dd276
SHA256

5eac7a4a74f8d695de558908d732492b963ced8d35ee9732174f0be5406d94a4
SHA512

6deac4a07a569d8fce9e1947545a8d8b56f8136a5a0577d2f8f81f9e43ffd23abb4b631f97352abd773c0f8418271b9eb2f125dfcf98d17fd5f99eadb58af1a0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qugo

Decoy

sathapornstainlesssteel.com

everythingisaninvestment.com

appsbyraf.com

superhornygirl.club

christmastreeclass.com

cheatdayztogo.com

aadent7.com

divinitypath.com

figuli563.com

distanzalojistik.com

pricelesslookyto-looktoday.info

pcaaems.com

itsnewmovie.com

4kx.claims

rental-aruyo.com

psiek.com

justnobleempress.com

40daysfor40nights.com

91266w.com

csi-texas.biz

Targets

- Target
  
  60359238.doc
- Size
  
  433KB
- MD5
  
  a6121446855363480ca874174bce64f0
- SHA1
  
  2223a360b95091745ce56b7faf2f59900d5dd276
- SHA256
  
  5eac7a4a74f8d695de558908d732492b963ced8d35ee9732174f0be5406d94a4
- SHA512
  
  6deac4a07a569d8fce9e1947545a8d8b56f8136a5a0577d2f8f81f9e43ffd23abb4b631f97352abd773c0f8418271b9eb2f125dfcf98d17fd5f99eadb58af1a0
Score

10^/10

formbook qugo rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2