formbook

General

Target

tmp
Size

247KB
Sample

220603-fkn43sggh5
MD5

6d5af3c3cbd850fd982a9b243e2857a7
SHA1

a070566b72fca1e39f52599da8d2f80a0a11fb5f
SHA256

e1b5157b0929486351722245f7bf2cee1b8b9e05fca294fe3a0cf676e9a7ad57
SHA512

dccba4090f0aef7e59f35d4be64406b7ce7733f59f7ab940e296c5d8b5da852dce11b53d317f71bcf53304088c1c361fc24f8e466915c6d9a1e8dfee17fb4bc1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g14s

Decoy

highnessmagazine.com

mokeyshop.com

remotedesktop.xyz

bicielettrica.xyz

addoncarzspa.com

ironesteem.com

asset-management-int.com

newportnewsaccounting.com

seriesyonkis2.com

hhivac.com

shrmgattlnow.com

yangzhenyu1.xyz

prettylittlenail.com

phyform.com

fggloballlc.com

gamecentertx.com

apriltoken.com

agalign.com

jointventurecoop.club

pengqianyue.tech

Targets

- Target
  
  tmp
- Size
  
  247KB
- MD5
  
  6d5af3c3cbd850fd982a9b243e2857a7
- SHA1
  
  a070566b72fca1e39f52599da8d2f80a0a11fb5f
- SHA256
  
  e1b5157b0929486351722245f7bf2cee1b8b9e05fca294fe3a0cf676e9a7ad57
- SHA512
  
  dccba4090f0aef7e59f35d4be64406b7ce7733f59f7ab940e296c5d8b5da852dce11b53d317f71bcf53304088c1c361fc24f8e466915c6d9a1e8dfee17fb4bc1
Score

10^/10

formbook g14s rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2