formbook

General

Target

ORDER PROPOSAL.exe
Size

323KB
Sample

210816-lwtr7ef14j
MD5

376b4ec91fc3fb35e98c46435116eccf
SHA1

de7dad010ec5114b57bcdd87a0795ad8060ff103
SHA256

0879dee35833049ac723a101661d8f5a4bb92528b98fa27fc564a44649161862
SHA512

273f87a80c34f33c3a2c277dc6cb8bc64b38380ac654c24a15f319d1ee34ec4886c2a60a2301ddb0913c727f7d6969ea0c2717fe6b284e14bc74310811b449ec

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m4ts

C2

http://www.activelyfe.com/m4ts/

Decoy

sverreogjenny.com

hybctd.com

cash4homesutah.com

finaday.com

thecreepniks.com

yumnamc.com

hkk-diary-notes.com

enhancedtech.net

bestmercedesbenzwebsite.com

healingmusicx.com

coegl.com

apinchofearth.com

headsetlinks.com

gxshenghuang.com

skyscrapersaluminium.com

seres.tech

mycrystalcare.com

irgemedia.com

hscecourses.com

ludicrousnutrients.xyz

Targets

- Target
  
  ORDER PROPOSAL.exe
- Size
  
  323KB
- MD5
  
  376b4ec91fc3fb35e98c46435116eccf
- SHA1
  
  de7dad010ec5114b57bcdd87a0795ad8060ff103
- SHA256
  
  0879dee35833049ac723a101661d8f5a4bb92528b98fa27fc564a44649161862
- SHA512
  
  273f87a80c34f33c3a2c277dc6cb8bc64b38380ac654c24a15f319d1ee34ec4886c2a60a2301ddb0913c727f7d6969ea0c2717fe6b284e14bc74310811b449ec
Score

10^/10

formbook m4ts rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2