formbook

General

Target

Remittance_90523_03.exe
Size

1.2MB
Sample

210728-71hcbagn3n
MD5

4877999ea194338dfe6ad0b7c501afe8
SHA1

41c912ac202c7b590450fd91e4f2ed6faa5b2aff
SHA256

107f0cce39dcfa85508fd5d256fa0515b6e27f554628e2ca4400af9dc2a5dcae
SHA512

e28520a7d7c5bcccb7309d51c2e5c67668e7c081cf15f133ad4345e1b46a92e652d435abe718c6df851ffa57f8e0355bcccf3cb8e4361bd10012723034e7a5bf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.bitcoin-noticias.com/fw6/

Decoy

rashtriyasanghsewak.com

filestree.cloud

penoner.com

owliwant.com

elkincook.com

jhac16kaizencollection.com

shalomdentalavenue.com

hotelsbytheweek.com

cookwithchefcari.com

threattenterprises.com

sanookna.com

tlsbuilders.com

softandhardshop.com

ppr419.com

powertexinc.info

businessandhr.com

yiliao2020.com

eiman-pro.com

rhondarothrealtor.com

junk-service.com

Targets

- Target
  
  Remittance_90523_03.exe
- Size
  
  1.2MB
- MD5
  
  4877999ea194338dfe6ad0b7c501afe8
- SHA1
  
  41c912ac202c7b590450fd91e4f2ed6faa5b2aff
- SHA256
  
  107f0cce39dcfa85508fd5d256fa0515b6e27f554628e2ca4400af9dc2a5dcae
- SHA512
  
  e28520a7d7c5bcccb7309d51c2e5c67668e7c081cf15f133ad4345e1b46a92e652d435abe718c6df851ffa57f8e0355bcccf3cb8e4361bd10012723034e7a5bf
Score

10^/10

formbook rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

CustAttr .NET packer

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2