formbook

General

Target

75578cc43cd05f1f12fafa2fb898c0b3875fe550a52dfe09dc7ff2cf7ee2eacd
Size

268KB
Sample

220521-bsrsqacde6
MD5

5277c70ca6370565a4c0e56d5e4678ba
SHA1

0c49837e8ee71ff1a9bb252f3de7e0c6759ba63e
SHA256

75578cc43cd05f1f12fafa2fb898c0b3875fe550a52dfe09dc7ff2cf7ee2eacd
SHA512

bd34168c4e6a7c6da24bb62c378596e9495609e55c4af2e97d06befaaabac6abaccc874f290d917064de7555a71b945e8d40fd70aa17ccf39800c8fce82223f0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

g8u

Decoy

stuition.com

mj-sculpture.com

cannatainmentevents.com

dianjintang.com

rmlusitania.info

effet-spiruline.com

flatheme.com

supergaminator-vip.com

craftyourmagic.com

lakai.ltd

electionshawaii.com

iqpdct.com

thebestfourstarhotels.com

satoshiceo.com

saintmartiner.com

brothersmarinetoronto.com

citicoin.online

scentsationalsniffers.com

hellonighbourgameees.com

displayonline-france.com

Targets

- Target
  
  Salary.exe
- Size
  
  354KB
- MD5
  
  3abc3bd58ec7ecd38e1f25823a3a1833
- SHA1
  
  887ac2315f548e3699d0ad340b4b677a679ec434
- SHA256
  
  9c5d88a1518cd310e763757d9acd267ed5741d6c79036e1053381729a0d700ca
- SHA512
  
  393e69f3741a477a77aefb9e2082829e05a2b68f173e29f2cae909661739f307754161b16b1a8820cd5d614e51adddf95f111696edd33c066c7fc77ad931b067
Score

10^/10

formbook g8u persistence rat rezer0 spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Adds policy Run key to start application
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

ReZer0 packer

Adds policy Run key to start application

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2