formbook

General

Target

7a89819406800bfa110d3caa0750c54a3fdfd6e2f48b1e236671ce18983517d6
Size

513KB
Sample

220521-xjrx1sbhb8
MD5

921b3241b24e44fd80dc0f5d476adc08
SHA1

491727164424d38afa6d057d6733bf4878ce816a
SHA256

7a89819406800bfa110d3caa0750c54a3fdfd6e2f48b1e236671ce18983517d6
SHA512

512a6b6a9f7be9ca9dc052690d19685ff382b68ff8900bc8f7c9a1601b7aab958381ff65824317cd0199112fc1441b50f3fbd37f60a2087f1c780133baf2a890

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bnc

Decoy

saltoasischarleston.com

gor.digital

oneserviceplace.com

ivcfte.info

grasshopperveteran.com

tblacklist.com

noahandvincent.com

bbbmorris.com

coralvillerealestate.info

rjprime.info

smilehdapp.com

texas.kitchen

lifeofbeautifulchaos.com

myfittedfurniture.com

mobiledealsnetwork.com

ateliermusicapiano.com

568027.com

johnmeanwell.com

uneggsing.com

chengshuai88.com

Targets

- Target
  
  UPDTED PAYMENT DETAILS 948998849-909N.exe
- Size
  
  661KB
- MD5
  
  6d8a6794412d626d13bccfbcebda900f
- SHA1
  
  466ae37bb340ce9ffca60cf8758cde8af08bd077
- SHA256
  
  dd2e99f4c8b2909221d9cddcae2aa9c5ce4e343cd4ed8e5fa7113e639412ef7f
- SHA512
  
  de7d7f7290dd4f65ae5954d29b41e6f1bbf78e17142d1287645d8a9cd3ddb3b520a8c782b1846a1f010636512431c289f4917a99dc1bc80b2059130aacd1c25a
Score

10^/10

formbook bnc persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Adds policy Run key to start application

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2