formbook

General

Target

c6e799eeeba0345de98b4e9a6ac76b82
Size

292KB
Sample

220526-xhgewshhhl
MD5

c6e799eeeba0345de98b4e9a6ac76b82
SHA1

268bafbd996997350d32521a0012602960c5d004
SHA256

e17bfb8370c8badf90756f650e1be4794e77a57abb3619c30789364756304759
SHA512

b229294931fe70480a7cb0937b33311fa838e5b5f1ac880a1e8fd06b67ddee6c4b691d9a0d93004be86deba5300faf55511cd910fad56f89c4e79b5eead6f681

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nk6l

Decoy

cbnextra.com

entitysystemsinc.com

55midwoodave.com

ebelizzi.com

khojcity.com

1527brokenoakdrive.site

housinghproperties.com

ratiousa.com

lrcrepresentacoes.net

tocoec.net

khadamatdemnate.com

davidkastner.xyz

gardeniaresort.com

qiantangguoji.com

visaprepaidprocessinq.com

cristinamadara.com

semapisus.xyz

mpwebagency.net

alibabasdeli.com

gigasupplies.com

Targets

- Target
  
  c6e799eeeba0345de98b4e9a6ac76b82
- Size
  
  292KB
- MD5
  
  c6e799eeeba0345de98b4e9a6ac76b82
- SHA1
  
  268bafbd996997350d32521a0012602960c5d004
- SHA256
  
  e17bfb8370c8badf90756f650e1be4794e77a57abb3619c30789364756304759
- SHA512
  
  b229294931fe70480a7cb0937b33311fa838e5b5f1ac880a1e8fd06b67ddee6c4b691d9a0d93004be86deba5300faf55511cd910fad56f89c4e79b5eead6f681
Score

10^/10

formbook nk6l rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2