formbook

General

Target

copie de plata bancara.exe
Size

903KB
Sample

220316-jtv6jahbfk
MD5

d35d30f184393cacc394b8c51743348d
SHA1

961b5905a6d86a0f98b7f14a481c2f2ebebace3b
SHA256

3d5d161635b1d409b28564bb95c9006687b720caa5bfb6ed8679b87e889baf3a
SHA512

aebf1d8771f475d28c57a709aaf3377a38b540221be3ef4fe6d0bbac8ebc20a8553e26cfae6532c38043e75079c4f5da37d586f6e96755f2d84af594d09d4119

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  copie de plata bancara.exe
- Size
  
  903KB
- MD5
  
  d35d30f184393cacc394b8c51743348d
- SHA1
  
  961b5905a6d86a0f98b7f14a481c2f2ebebace3b
- SHA256
  
  3d5d161635b1d409b28564bb95c9006687b720caa5bfb6ed8679b87e889baf3a
- SHA512
  
  aebf1d8771f475d28c57a709aaf3377a38b540221be3ef4fe6d0bbac8ebc20a8553e26cfae6532c38043e75079c4f5da37d586f6e96755f2d84af594d09d4119
Score

10^/10

persistence formbook 3nop rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2