formbook

General

Target

84027b4369d1b4c2e5eca6074423c9ca
Size

117KB
Sample

220725-l3crnacbbl
MD5

84027b4369d1b4c2e5eca6074423c9ca
SHA1

8290d7fe37cd0741a138374b95bfadf914ebab41
SHA256

5a60c47e31c4bfd7eff0b53c4793249b33a177d669e2e781418c6dcb2bac0f7c
SHA512

988700439adac4e2869485d55578798f4ba565649c231bbbdd6359f262a5afec90c79465f752c39dc7f7d3fd18268cd58ac26b2dabc7af1b76ebc06a2a480f43

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s4s9

Decoy

qianyuandianshang.com

bernardklein.com

slhomeservices.com

findasaas.com

janellelancaster.xyz

umkpro.site

nr6949.online

mersquare.club

lanariproperties.com

3rdeyefocused.com

giftexpress8260.xyz

hilleleven.xyz

beajod.com

kosazs.online

ishare.team

mb314.com

xjjinxingda.com

ayekooprojectamazing.com

ballsybanter.com

todayshoppingbd.com

Targets

- Target
  
  84027b4369d1b4c2e5eca6074423c9ca
- Size
  
  117KB
- MD5
  
  84027b4369d1b4c2e5eca6074423c9ca
- SHA1
  
  8290d7fe37cd0741a138374b95bfadf914ebab41
- SHA256
  
  5a60c47e31c4bfd7eff0b53c4793249b33a177d669e2e781418c6dcb2bac0f7c
- SHA512
  
  988700439adac4e2869485d55578798f4ba565649c231bbbdd6359f262a5afec90c79465f752c39dc7f7d3fd18268cd58ac26b2dabc7af1b76ebc06a2a480f43
Score

10^/10

formbook s4s9 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2