formbook

General

Target

ROTONDI-NEW ORDER PT004.exe
Size

250KB
Sample

220125-rmtywsghfq
MD5

f536635d5e97e42c2094f8b55a1c6c28
SHA1

931da46b998bb65a6a08a01e90d41689653d4103
SHA256

baef60b7ed8a0286e276a7b7d76c7a9d52a8a77c2688b0d2b2cc1d886954b1a0
SHA512

07eccfbe1c8a9753eeee8e18b6d3f5de2e41f7c2e01f6da9234aba0b63985b20dac15061cda990023d4f905bbefa309edf192d157d1f19193601b9b7946a80a3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a0p6

Decoy

taxlaws.info

porn-star-depot.com

cpf-comptes.com

metropark.xyz

transformselfhypnosis.com

wu8g8aerxgjr.xyz

jingzhouhan.net

granicors.com

monografiaonline.com

4972hillcrestdrive.com

gridironagriculturist.com

xtrasomething.com

scbndirects.com

agglutinatesmicromanagers.xyz

butsuyokulog.xyz

parttimejobsinuk.site

kriylzf.xyz

sinashakib.com

hpessoa.website

interscopealbums.com

Targets

- Target
  
  ROTONDI-NEW ORDER PT004.exe
- Size
  
  250KB
- MD5
  
  f536635d5e97e42c2094f8b55a1c6c28
- SHA1
  
  931da46b998bb65a6a08a01e90d41689653d4103
- SHA256
  
  baef60b7ed8a0286e276a7b7d76c7a9d52a8a77c2688b0d2b2cc1d886954b1a0
- SHA512
  
  07eccfbe1c8a9753eeee8e18b6d3f5de2e41f7c2e01f6da9234aba0b63985b20dac15061cda990023d4f905bbefa309edf192d157d1f19193601b9b7946a80a3
Score

10^/10

formbook a0p6 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2