formbook

General

Target

Documents Submission QTN.pdf.zip
Size

413KB
Sample

210726-xg6ayl93yx
MD5

d911a20362bedf60295a61762d428b49
SHA1

e9ec6b65da7691bc5d4a44ed177fdc97c1c24f07
SHA256

0d96954f46f5f9862d8e2dda736f1355a50dbb209e209919116e5f548697960d
SHA512

4fb4c1700faf4764ca29af08e15dd5211fe008b9a075b467e002c9b8b91cd38e12f13b0d08010f79c4f9737c8ec5d9d6986ea2b9b0e16642d7319a0e3b8145d3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.headairload.com/jdge/

Decoy

cungcaptapvu.com

lantianren.net

mydivorcepsychologist.com

bageurapparel.com

citydealmaker.com

historyegress.com

litekkutu.xyz

perksofkerala.com

flairmax.com

washingmachineservicerepair.xyz

organicbeauty.club

rehmazbeauty.com

goodgly.com

imtheonlyperson.systems

shbanjia199.com

mwfbd.com

halsonpipe.com

0927487.com

perfectpeachco.com

danielprok.com

Targets

- Target
  
  Documents Submission QTN.pdf.exe
- Size
  
  492KB
- MD5
  
  18fa8099b62e8f056fe58725632b860d
- SHA1
  
  34be165cd7bbf63732f599cccb666a0e3af3377e
- SHA256
  
  9316b9fe5a317761f719e6ee8602f20b356cde2e5e566fdec0a388dc390b2bd0
- SHA512
  
  eada997d7167c718a0d0154a269c1a9693cddad91e71055b93b3dc55cb08ad6df4e98c993fb0ed6475970306c5ab7bf46d66ebd1272226d777241021d646a876
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2