formbook

General

Target

Statement of account.lzh
Size

430KB
Sample

210909-glxchsageq
MD5

3f70691905b6d4fe154974b7d2519409
SHA1

669e2b3464f2b242eb495801b7a4bbb51f887472
SHA256

3f2806c512ef58342743d4da9551bfc1fec7ca13fa3be4684d2ac5652abf422c
SHA512

20f5b9fe04f12b39602685d22d41983132c206d9fac069332b4326586796a6f7b4bf9122f9c98bb5b589bd4d03843d7f7217bd48f8be2662eca7ca9110297751

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  Statement of account.exe
- Size
  
  702KB
- MD5
  
  a59ac7b2bcf00d4d15a9a010d56139b0
- SHA1
  
  09e4feef7b72c18b90b589f0d3f7f4fccba1664c
- SHA256
  
  83b3d86539fd63f97b860e86c3e61b4e2c64dc1ff2936566d5bda292ab6e478d
- SHA512
  
  a97e111d09fc0319552101ce3aa3e20e7e20e8ca6bfd2e0a51191bb15de98b0cd323f845382dea87a370433e9608e01c70c5edb20a657963c708134cc6136248
Score

10^/10

formbook ergs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2