formbook

General

Target

SCAMPMT.EXE
Size

431KB
Sample

220126-kycenabbfp
MD5

067e3e5b267e1c65a9e633ee3c3bd3d0
SHA1

3d0ef11080a29070a41f7b97c64cd04f45a147ee
SHA256

138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563
SHA512

4487df8a859d6f2b40be64a7e516c9135eb703ac03fe694c297a241c6b710a3b84face067f2faac566f44d35a77be377b455c29e317b45baa3b6769564c67588

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b3n1

Decoy

alexandragrows.com

shellload.com

stanleyrorke.com

glasurit.us

facebookismetaverse.com

astoundingaffairs.com

facom.us

dysonsaleoutlet.us

obtengaunitedhealthcare.com

sebastianroofrepairs.com

saltvent.com

littleonesclub.com

webamazoncardshopmail.xyz

lutam.xyz

myfirstpsgame.com

comline.cloud

valueinsightfororacle.com

congregacionansestral.com.co

paypal-uk.xyz

facebookversuzmeta.com

Targets

- Target
  
  SCAMPMT.EXE
- Size
  
  431KB
- MD5
  
  067e3e5b267e1c65a9e633ee3c3bd3d0
- SHA1
  
  3d0ef11080a29070a41f7b97c64cd04f45a147ee
- SHA256
  
  138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563
- SHA512
  
  4487df8a859d6f2b40be64a7e516c9135eb703ac03fe694c297a241c6b710a3b84face067f2faac566f44d35a77be377b455c29e317b45baa3b6769564c67588
Score

10^/10

formbook b3n1 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2