formbook

General

Target

471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c
Size

472KB
Sample

220521-bvv8xsced9
MD5

44deb1be9aef7d842e97af32f57efd46
SHA1

402561f86dc73f26a5e5ab9424b6f852d3e62c19
SHA256

471c2bddb5ae0d5439d8f6daf2ce16ea2fcc20a114fae4a82075b7c76433d11c
SHA512

d84f334543b14caca96cac74439c43d3f725c6fb93881207c7bdb032e2508f818a191090d130ee1043d4b4fd2e787618435f82ee35115867428e0741034a1ebb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p07

Decoy

sgemlakdunyasi.net

xn--emhendis-75a.net

apptracker.tech

bb4h.com

izzyesq.com

adsum.digital

phylliselago.com

sellyourlistings.com

tjtdyy.com

w5ydhp.info

neurolat.info

sosecretoccultandconcealed.com

eastmount.biz

vonhiemer.com

chelseatowercondos.com

intarconnect.com

someoneask.com

knightsnorth.com

tthxlxs.com

darakandassociates.com

Targets

- Target
  
  doc56263736473648 PDF.exe
- Size
  
  411KB
- MD5
  
  fd47ef87181d31ba882b90208ff24f98
- SHA1
  
  ca5160315f23ed85b065656a991d879383434d2a
- SHA256
  
  cc02c528f1eccf6891f5c97815c5c97560ca1c92849e35669bf061cb55e6289b
- SHA512
  
  309819f9e0ce39a087dd3536bb931561122f5f4b996e1d570584af2d7c40447bbb8858462e530f5d2149ced4ff7b07d10637ce595bdb229a5d56677951a0a952
Score

10^/10

formbook p07 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds policy Run key to start application

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2