formbook

General

Target

077869509# Invitation PQ Documents Submission QTN.pdf.exe
Size

492KB
Sample

210726-9me9896n7j
MD5

18fa8099b62e8f056fe58725632b860d
SHA1

34be165cd7bbf63732f599cccb666a0e3af3377e
SHA256

9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
SHA512

eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.headairload.com/jdge/

Decoy

cungcaptapvu.com

lantianren.net

mydivorcepsychologist.com

bageurapparel.com

citydealmaker.com

historyegress.com

litekkutu.xyz

perksofkerala.com

flairmax.com

washingmachineservicerepair.xyz

organicbeauty.club

rehmazbeauty.com

goodgly.com

imtheonlyperson.systems

shbanjia199.com

mwfbd.com

halsonpipe.com

0927487.com

perfectpeachco.com

danielprok.com

Targets

- Target
  
  077869509# Invitation PQ Documents Submission QTN.pdf.exe
- Size
  
  492KB
- MD5
  
  18fa8099b62e8f056fe58725632b860d
- SHA1
  
  34be165cd7bbf63732f599cccb666a0e3af3377e
- SHA256
  
  9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
- SHA512
  
  eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2