formbook

General

Target

Purchase Order.doc
Size

432KB
Sample

220125-yatkxsdefk
MD5

8476c8f3efac1a6006ada1f0e18524b7
SHA1

f28ba53905e5d3324da5926924b6049d9183d301
SHA256

b12b3b6f87f35d7b2cdb52ec2558f2087155bc5f580b6a9083b05a73263a901f
SHA512

97e61671142e064242ab3096c17b02ed450b9359a4e854c9df5e47cd96d9133597a6a33b3bcb85bc07a1b2ed73a92c63ccd624c737d839d85d2206aeb8a27820

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fezu

Decoy

palisadeshiking.com

lusteror.com

blogmisaficiones.com

firstprinciplesteam.com

theindoorfarmer.info

sddn55.xyz

womensclothingonlineshop.com

amourneim.com

getlumichargeserver.com

mynegociodev.com

xn--riq159j.com

the-social-hub.com

buypremiumvpn.xyz

brightnes.info

catmanshopper.com

michellepalacdesigns.com

moveventurecapital.com

nzhzygba.com

papahungry.com

electric-classic-bike.com

Targets

- Target
  
  Purchase Order.doc
- Size
  
  432KB
- MD5
  
  8476c8f3efac1a6006ada1f0e18524b7
- SHA1
  
  f28ba53905e5d3324da5926924b6049d9183d301
- SHA256
  
  b12b3b6f87f35d7b2cdb52ec2558f2087155bc5f580b6a9083b05a73263a901f
- SHA512
  
  97e61671142e064242ab3096c17b02ed450b9359a4e854c9df5e47cd96d9133597a6a33b3bcb85bc07a1b2ed73a92c63ccd624c737d839d85d2206aeb8a27820
Score

10^/10

formbook fezu rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2