formbook

General

Target

4ad4f511c43369e73655e833bac1c22c63c5e9fd56245990266b2d03c54a0fc2
Size

436KB
Sample

220521-my6plscga3
MD5

3919f874ed29012761112c164d3fd836
SHA1

56c30dd39fb4f13f2a757c87252ab50ae5d92207
SHA256

4ad4f511c43369e73655e833bac1c22c63c5e9fd56245990266b2d03c54a0fc2
SHA512

4e03d794d13aaeb44b16b9180b8e5bfb0def7b1bf5ee8cb84f260fae131e6206ba23c8e509974608fcb2b9ad19497f854c92fa3b91c6091a5008be61972fa34f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

k2w

Decoy

brittanybeck.com

idapple.mobi

sharoncement.win

smerchenko.com

citizenssenergygroup.com

landhawktactical.com

yilingshenghuo.com

lifa97.com

8160pe.com

sf-purify.com

bloomingamaizing.com

thymeshares.com

rainwatercollectionhq.com

jaseba.net

whoistom.net

gn70.com

payperclickad.info

jessicagorbet.com

portlockproperty.com

mindset-beratung.com

Targets

- Target
  
  Enquiry Letter 2021_39 PDF .exe
- Size
  
  706KB
- MD5
  
  ebf459ab9f9e3280e01aa2afc78235cb
- SHA1
  
  b78ba9874e119e3be2521471f0e9bdc6b22d0452
- SHA256
  
  8357119ef28bc4518732db5fea2e1aae12a779c36c3beb0a732a224f460abddb
- SHA512
  
  0831473ccb3bf1314199dd1085075967c8867a1261ec7fe03f5c3da58b2a7dd3158b41b1fa5d2496e722bea04fb0230e306baccbc4459523b21698ee0d2a8094
Score

10^/10

formbook k2w persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2