formbook

General

Target

DOC01252022.doc
Size

22KB
Sample

220125-ya98nsdefl
MD5

ab6c0bed424ecfa5fb3e12d2db6cd900
SHA1

5000499ab283e98530920937012d87153048bbae
SHA256

14f73cfcb1d6349374833372961d540b53a6b7ffc628e0d7f6c56f870d365581
SHA512

65efec298d8386c7fbc15f5d82bfaaa5d34ffbd0a8d09bfe4d94e8a43edfcbfb237f9ce73089b769f34dbd9b8f4c9fcf58232f439176fcebc0350afd4d60f86b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n0k1

Decoy

tyupa.xyz

scion.xyz

smjacob.com

intelligentsiaunionyes.com

myartismytemple.com

roethlisburgers.com

burny-live-bar.com

amricanfamilyinsurance.com

barossavalleycollective.online

coinstarrevenue.com

ionablissfullife.com

worryfreeads.com

9xu5qkr1.xyz

julbera.xyz

denko-puro.com

boardsavorybeambark.club

coronarules.info

hailiangyinqing.com

pageonandroid.tech

1meqtaw8.xyz

Targets

- Target
  
  DOC01252022.doc
- Size
  
  22KB
- MD5
  
  ab6c0bed424ecfa5fb3e12d2db6cd900
- SHA1
  
  5000499ab283e98530920937012d87153048bbae
- SHA256
  
  14f73cfcb1d6349374833372961d540b53a6b7ffc628e0d7f6c56f870d365581
- SHA512
  
  65efec298d8386c7fbc15f5d82bfaaa5d34ffbd0a8d09bfe4d94e8a43edfcbfb237f9ce73089b769f34dbd9b8f4c9fcf58232f439176fcebc0350afd4d60f86b
Score

10^/10

formbook n0k1 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2