formbook

General

Target

7609326175.zip
Size

743KB
Sample

220623-rylrnagcb4
MD5

4f8ea63904434cab99bd3854054fa07c
SHA1

6ef972551989a84b7c3a69d371b9a3405c828700
SHA256

8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4
SHA512

ed4fd1bdac024714bdc02d06a02351a3d6c3bcf6cf31929f7e91e8afaad470a4965aa6a6d7573945215a6de4258b8f9dbd7dbcbb2f75cd75dac1af3ddb5353f3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u31y

Decoy

writer-career.com

thecozymosey.com

cesarashop.com

tcdfzx.com

redknightsaus6.com

hbczz.com

u0959.com

hyyssy.com

ytbangsi.com

popularepoch.com

jenesgloparties.site

belbo-shop.com

fundeim-ucv.com

buttersdesignco.com

ingiluzim.xyz

visithimalayatours.com

aridahaaf.xyz

emocjilindre.xyz

rcfunhobby.com

taminndir.com

Targets

- Target
  
  38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a
- Size
  
  3.7MB
- MD5
  
  fd00d713c843371c82be116049b5a6d9
- SHA1
  
  e46e115e003d6088655a5c364d6d03551cb0e41b
- SHA256
  
  38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a
- SHA512
  
  3f5c7ff62a3f3e7d03c7dd69a3195a93ad0490864ffa10af155085755a1de89f9b27a92e67c84594923b87348b5f192714f33467abbd072ee9a9050b2442c07f
Score

10^/10

formbook u31y rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2