formbook

General

Target

5107873717846016.zip
Size

850KB
Sample

210727-jtk841efze
MD5

b9f76b778f4c02ae77dd5a2496672485
SHA1

360a75e306f59964aadebfa3383be00b0de7639f
SHA256

3ecd59d72dfe8bab5b05b32842e5abbe8826e8862829f1baec873c0e715a7628
SHA512

48cee6a6e73c94a8653bdf906edeeb53c8b0a64c423eba87de1f8eeba3985bb6dd15fc8a78cdee971eb82b23ec4435bd70b53fcc77c2dd737fdfde6052446884

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.sunderstudios.com/blo/

Decoy

introducingsadieann.com

batterrydaddy.com

restaurantechoytac.digital

toriox.tech

cursosonline.pro

onegreenmother.com

canyonpark-home.com

charleserick9.com

coldavis-81720-1634.com

deliandgyros.com

darrenjmajor.com

chekax.com

twinsepower.com

welinkautollc.com

kimlmontgomery.com

ligature.net

bllbirdcrk.com

happilyeverfi.com

hahdigitalmarketinghelp.com

onecomcall.com

Targets

- Target
  
  RFQ-BHI-PP-IN-301 PROJECT MaterialsEquipements Request for Quotation_HMD PJT.exe
- Size
  
  1.1MB
- MD5
  
  32a7f5eccb743dc2645f642cf109690a
- SHA1
  
  d73a4e4f6b5560cd1f21978a40265d480ef24259
- SHA256
  
  4cb3b507b091eafd3faf47a7ebb23e597d92b1cd4ad1655f6a0a9330768a60e5
- SHA512
  
  f590c392efe24e998aa5604bc8e03de3aafd69173e5b378612b561311c5c38620c0895811aff71320f98cc543cfe6d8643e67920822838b4fabed2c9b404f546
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2