formbook

General

Target

745e00e4a43761d5c4be5e29a539cda4e8ca2a45755b44e35321ced4a8d400c3
Size

357KB
Sample

220521-ne3z2sdfa5
MD5

669bf2619644a7990942f3c2dac81c8d
SHA1

e7756aba22a0ea795c51dee0a38cd9df2b58a220
SHA256

745e00e4a43761d5c4be5e29a539cda4e8ca2a45755b44e35321ced4a8d400c3
SHA512

0036a6ac06a7dc6ac4c53c1de75ddde49dd84af40666996bdd2f530f31d45394ca4f5fb5536c84a92894ed95373103571aad784ae39cbd2f2e51425789ba4142

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

cdm

Decoy

ldren.net

smtpsystem.com

elbastonazul.com

clickmailservice.com

housesearch.today

jingwei-pingtai.com

briankarenontour.com

wwwjinsha520.com

greenhouseci.net

cyberexpo.events

soundepict.com

hansardtracker.com

abenaasare.net

policemoviefestival.com

cryptocurrencyrocks.money

carliequinnesthetician.com

finestmilan.com

diclar.com

thependletonsurfclub.com

raku.party

Targets

- Target
  
  YEw0N670fLb3Qwz.exe
- Size
  
  445KB
- MD5
  
  767febc4e7ba132342b5271a06a370c8
- SHA1
  
  3997eb76ba7da530ef6624d37d6218bf89400159
- SHA256
  
  0b6acf8d9861c0c69b88b7a7bf1427c5245bbd968e96db1cdb08b8432442c729
- SHA512
  
  5d3ff4c987aa5dce84b2ef944214149a2e1723f140182331e5693fc548fbb3c6026a55dc37eeb4ccc55b1173a76c9bebf0d3d7f26179ef99583fc2abf32d5120
Score

10^/10

formbook cdm rat spyware stealer trojan persistence suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2