formbook

General

Target

077869509# Invitation PQ Documents Submission QTN.pdf.rar
Size

410KB
Sample

210726-hb41m93mdn
MD5

80a22a6dca5aa7958d4fe8173c4c9f49
SHA1

03249603229f88567d778b2f1c4727a9759cb5b6
SHA256

6e9fd529f9f326337231d26957cd181eda15f7aa42df2cff024d68a57ed02895
SHA512

39f00f7eb70611a26966f587462f16d86fa203a2221e05ebc8af91871999bd6f6443a3f0612b8d087232cdffd85d3f5609e6d070f55c61a8eb47bf7e9479d067

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.headairload.com/jdge/

Decoy

cungcaptapvu.com

lantianren.net

mydivorcepsychologist.com

bageurapparel.com

citydealmaker.com

historyegress.com

litekkutu.xyz

perksofkerala.com

flairmax.com

washingmachineservicerepair.xyz

organicbeauty.club

rehmazbeauty.com

goodgly.com

imtheonlyperson.systems

shbanjia199.com

mwfbd.com

halsonpipe.com

0927487.com

perfectpeachco.com

danielprok.com

Targets

- Target
  
  077869509# Invitation PQ Documents Submission QTN.pdf.exe
- Size
  
  492KB
- MD5
  
  18fa8099b62e8f056fe58725632b860d
- SHA1
  
  34be165cd7bbf63732f599cccb666a0e3af3377e
- SHA256
  
  9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
- SHA512
  
  eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2