formbook

General

Target

c1bda786942300e009911838ae7b6f1c6919e9ac0023d85bba593dfd12edd5c3
Size

350KB
Sample

220521-nd6dsadef4
MD5

35a9df4824560ff93d9df4b196a23768
SHA1

5a2e97029948c15438dd5e027ffa9d8fc5b43de7
SHA256

c1bda786942300e009911838ae7b6f1c6919e9ac0023d85bba593dfd12edd5c3
SHA512

c1cfbe7f73fe4028d4c9b9b5054ad81ebb5ba84137e3ac06acf7634e928ee6d7914a60741aa7a16da3116305ab7aa4ec2f54f523c6b3eed369c21e7b8eb89103

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mcn

Decoy

qww13.com

polyadmission.com

blackbaycooler.com

angelmedics.net

saludcomplementariaintegral.com

multonin.reisen

atelier-des-lilas.com

theflamingorealtygroup.info

minnesotaauto.loan

silvfly.com

ubaoc.com

learcane.net

giftcardcodegenerator.com

consciousnessunpleasant.com

g1media.net

wwwstrikeout.com

yimifanghua.com

stampkm.com

bx-wdcl.com

unieekly.net

Targets

- Target
  
  Quotation.exe
- Size
  
  391KB
- MD5
  
  be84baa98d7e27a0df361cd6eba9506c
- SHA1
  
  41d84c4e36d9f0fa2def2ae157a0fa45e29e163e
- SHA256
  
  0c6ef50f134bbd723eddc99d8f9fc78b37e7e2590ec907ce4209075677add6d9
- SHA512
  
  a856515a24389c35cbe188ad08f23a87b260db2d08b3f9c4c5d50688b35a399adb0476ffc0f9f5b9f37c3fb7f5457bbc389c6ad3fe075045f4291ab4037b84b8
Score

10^/10

formbook mcn persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds policy Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2