formbook

General

Target

PFR 2012R2-45137.lzh
Size

498KB
Sample

210909-gvzh8saggn
MD5

7e78c111943858ddd09bd268d492206e
SHA1

7343b35365d6d7406a99ec00fd47bba71cd3c7e7
SHA256

faaf9067632f27df389f09dd6fc4bec073fc25bec1043672201b312c7f3454c7
SHA512

bafef0bae1b58fa97b0c87c278aecd4ddf496a354c55c072113725bdf1431977b05065b3c926ba94f6f05884805111656387c56b9dce98ac0db00368e7095c4d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  PFR 2012R2-45137.exe
- Size
  
  749KB
- MD5
  
  8fa85ce4b25441a6e45dd6c74cb79670
- SHA1
  
  1b5ce8ebb1074d89dead6ed83e7c8d6d77a8971f
- SHA256
  
  6a778cbfb34a637265c39ae5a0a321010998d93fb7183b4e8766a4a2390bf72f
- SHA512
  
  31c726a677f25ef0dbb688d0b778d527661fda5208da8bd3cb11fc971536b8b2e18ccdeea4008956515a6fd6c1f6d1999884a754e51fc696b5540dbf1c2ec5be
Score

10^/10

formbook ergs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2