formbook

General

Target

new order.zip
Size

270KB
Sample

210723-vrr2vq4amj
MD5

3b6f6a22e98865547e031d4e82ac914f
SHA1

f8875d89a3b725558a9eaeb9cc123f6d2c0cc023
SHA256

2297896d204fd9d613c91515b52d650754db875e530c4200fa19e9c2a6882544
SHA512

41d69fbec1ce362a1db3e0371b922f8317ba66d8bc2b3b35d4f7254b6b2292cf21a34086ce25373e8f0ea93a61530ebe0bd64e02a0201151bb94495528ca6bab

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.prospertraining.info/ymmi/

Decoy

terrapotencia.com

issytosou.net

samankapan.com

zzxitang.com

iapple-uk.com

robertcollinsrealtor.com

theweehero.com

jyotisagar.net

powerbi.fitness

nuoyilm.com

modelsara.com

langvietco.com

aplusroofer.com

isabelacalaca.com

bearhawk.one

exporaoverseas.com

box-appliance.com

walkingfishvod.com

onlyqna.com

feed-parser.com

Targets

- Target
  
  new order.exe
- Size
  
  574KB
- MD5
  
  383b8177e9f7c5e2d771d4bb5b4dd0fd
- SHA1
  
  9ccb9fdcf54623c18fe39189fdb3fe0ff53d814a
- SHA256
  
  d47e0508ebe3d03a2fe75479c2a17b3cee5adc099facd5da777b9d090d010907
- SHA512
  
  fa98bf545af68c9b0a9fbec46a9e502d34978da627468574d36496b418af35b0996a5ee23a4fdde98aa46f90a83614b32815c405b96e6e96fbbba7b058480443
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2