formbook

General

Target

dbf35f616352c0c9af4ed99d7400e21652220a70852bd47d02274a8ba36fac79
Size

230KB
Sample

220521-ny66taheaj
MD5

6ca77528ffd5d678376d1ccc6c4ba7ba
SHA1

10cfaa50c55778aba58835cfe36b18489af4a829
SHA256

dbf35f616352c0c9af4ed99d7400e21652220a70852bd47d02274a8ba36fac79
SHA512

ea727df65322dcb5e4f4cd1e3df035aadc554480465c97ad1d17ee8a839876f6d59db8d1c8fa5fac2663bbb0986787abfe52f77373f6a94d1553a169020fa6aa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

2f8m

Decoy

blockchain-cn.com

misujiaju.com

fitzdrip.com

allamericanbiofuels.com

xppjjj.site

0e0fourwhen.men

overwatchtournaments.com

abbeygreenapparel.com

furnishedflats.net

accuitouch.com

luxuriousalmonds.com

craigdentistry.com

evilunderworld.com

lrat.ltd

invisibleversion.download

redroofgrandjunction.com

f8zghxjb.com

dramatic-ally.com

jjmackeypr.com

mumbaichatka.com

Targets

- Target
  
  Details .exe
- Size
  
  262KB
- MD5
  
  51394114dc03bd1d43c334d68b2fe541
- SHA1
  
  9b5b41e1302a8182b7815c5bafa228ac20e74f51
- SHA256
  
  7db92553a32ee324311207e9a94d3112d8b2030ea67bea4b2527b71c37701cac
- SHA512
  
  5fad65207982664a2e0f98a01678194f860c3a832ebdf253242bb23444b634aa4ae68e7771d634cf39ef73a922755a98e3e9eb84b8498a22a05e06b679ca4d37
Score

10^/10

formbook 2f8m persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds policy Run key to start application

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2