formbook

General

Target

2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec
Size

272KB
Sample

220521-px9qzsbder
MD5

f258f9694b92c3849e492139ac9a98a3
SHA1

4251530ef3d77612642d87bc0e96038db886aff8
SHA256

2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec
SHA512

dbf7b421656512bb4781b3de4b83ccfe6d3e7c712cefc5df8b55fcfb4927898dec2b479343dca947a1dd4dc5708e32aa7c3eae8ca0719b3effe229c071ea3308

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

2177.ltd

thanxiety.com

max-width.com

fixti.net

mostmaj.com

mobilteknolojiuzmani.com

historyannals.com

wheelchairmotion.com

mossandmoonstonestudio.com

kastellifournis.com

axokey.net

peekl.com

metsteeshirt.com

abcfinancial-inc.com

btxrsp.com

amydh.com

ccoauthority.com

lumacorretora.com

kimfelixrealtor.com

iconext.biz

Targets

- Target
  
  PO10062020.exe
- Size
  
  344KB
- MD5
  
  02cf2e5ec0352d4e5ad016bf6a4c3ec1
- SHA1
  
  8b45260c7d9df1a0a1240c82ec173d7d2fe39dc3
- SHA256
  
  5ed8ce65c5a1e4b24a300d02167839e8f060bf38c7c407d4a7d2dc5e0d2c80b9
- SHA512
  
  3bf2c80200b053529afda0064544056b43d5bae40b1370e78555820cf0b4fe3c8a7361fedeb56b4cca99ebe2aab1d15f063c0c0448784eeef44d918bafbf7fe7
Score

10^/10

formbook q5e persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2