formbook

General

Target

order.zip
Size

32KB
Sample

220706-h5hh5scaa9
MD5

9992551cdbb80e7df0252109131e5dc7
SHA1

efd404fb7dc626272b841f4fb4ff36958467b825
SHA256

0ae244dbfc247ee7c25cd07a9e339e542c20960f6568e02e8cf581acda0cdd5f
SHA512

8ba276a5a8da546a859dbbc72c87f49ff894e087afc0be2b63144507c8b7d24f7130631e1b027dc0f7aba521dc1fb793f13c0e5cbba41bc09956958b48837858

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs44

Decoy

whneat.com

jljcw.net

pocodelivery.com

outofplacezine.com

yavuzcansigorta.com

xinhewood-cn.com

cartogogh.com

5avis.com

joyceyong.art

digitalsurf.community

blackcreekbarns.com

magazinedistribuidor.com

sportsgross.com

drevom.online

mayibeofservice.com

gareloi-digit.com

permitha.net

renaissanceestetica.com

facts-r-friends.com

dach-loc.com

Targets

- Target
  
  order.exe
- Size
  
  121KB
- MD5
  
  ba0a02061fb326c69a925c6ed28a363a
- SHA1
  
  e7e668017328b7ceb7bb1f81a5ea048f990d971f
- SHA256
  
  aeb2dd004a580971a25e3408e2fc4cc08535bd2a84b0300d763dddace11c6400
- SHA512
  
  1000bb2afe9b15632002f64e9c5eab0f2ce66a868df1303d6a4a9fc5bedbd60b13f94faece4fc3faf23fc9e241c893ba1b3c3ebe7f8738bf472e37debe1c7a65
Score

10^/10

formbook fs44 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2