formbook

General

Target

2d4b447cd683c9551f780d5da0f8591446a845a8059f630fb792e4c2697401ce
Size

321KB
Sample

220521-pab67sehe2
MD5

31ce3c087864a2ab3b83bce8b3f03a3d
SHA1

417c48a34113a09f36b7ff67901cd78e2828e885
SHA256

2d4b447cd683c9551f780d5da0f8591446a845a8059f630fb792e4c2697401ce
SHA512

194f58813fd240289daaf0a70cee55dc7f6f50eb67fb3126f502eaee2ad8ab68baa8e8693d2956b88546fcc7665f68f62117b7bc90e19b42db6ad276ba925808

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k859

Decoy

tealpineapples.com

boatybracelets.com

srurslzmd.download

oregonclimatesmart.com

holistics.net

allsystemsforupgradesnew.review

005554008.com

inteligenciamental.com

valedamente.com

novinsaraf.com

schnyderfor.com

newideait.com

horny-for-art.com

susanmurphree.com

lineage2impact.com

khaoskoordinator.com

baolanhuc.men

equifaxlaw.com

aaronsalvato.com

radioxxesertanejo.com

Targets

- Target
  
  quote-THP1403 080620.exe
- Size
  
  456KB
- MD5
  
  04e9512a58cc579f1a304cf851c26953
- SHA1
  
  11abbf143e53cc33fd9f3faaafcd405d1554c3ab
- SHA256
  
  c327cc4c54ba20e649ab27c83ea7d5fcf2a596ae3f9feb50b2f5d550bcb71bf8
- SHA512
  
  89bc87c2289b3dc9ed2aef97ce3a44634c60d0f8fb842691fa7c1a2ec6a184fad7ab345d8d5fd673f4e283e6e3774f6d5ee8522abb29e9aba4d2c29f0f80967f
Score

10^/10

formbook k859 persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2