formbook

General

Target

Yeni Siparis listesi.exe
Size

614KB
Sample

210811-gv5rf8px9n
MD5

8ffd1687d55df5dd0ef08960e77df9a9
SHA1

98e4235a7192cfb54245eaaa0cd04454d67e72d1
SHA256

03274468c32f75a5cca8434b9ee4adad38324b2d946a6b4734ac18d270926cb0
SHA512

5bf2999f19e726c7f943d296d4ff7a46e16c0b1c0870c58d90c3674f93589c8b71bdca04bbe00ef617a2562c7bead789ad5e58a6a5b2f38415796010696a74ea

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Yeni Siparis listesi.exe
- Size
  
  614KB
- MD5
  
  8ffd1687d55df5dd0ef08960e77df9a9
- SHA1
  
  98e4235a7192cfb54245eaaa0cd04454d67e72d1
- SHA256
  
  03274468c32f75a5cca8434b9ee4adad38324b2d946a6b4734ac18d270926cb0
- SHA512
  
  5bf2999f19e726c7f943d296d4ff7a46e16c0b1c0870c58d90c3674f93589c8b71bdca04bbe00ef617a2562c7bead789ad5e58a6a5b2f38415796010696a74ea
Score

10^/10

formbook 3nop rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2