formbook

General

Target

PO JREL0036 202R2.lzh
Size

597KB
Sample

210909-rp5s6sbdgr
MD5

8206b4f35e55e82805e7ed7a2e2faef9
SHA1

50a97944178bba6c9187fdf2e5a078bee604f260
SHA256

d3c7472fe288667a66899568ab65f4d28d89bc91a44bcacb19633425b32d1c6a
SHA512

dac83faf1b5568f3dd34e9201d1817d2661cef10a09b199c49641d8e680c355422af705898d47ba52886415126756faf538337fdfcbbcebb2e7d44d018875f1e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

- Target
  
  PO JREL0036 202R2.exe
- Size
  
  959KB
- MD5
  
  031b19f1f116244a1b5f1f29b59f9dfa
- SHA1
  
  f735b258c06129b0c52d58be23a2a0f1729ace90
- SHA256
  
  0cdbab37f443dbdc7fb7aecc5e0b8dfb7b25b7d665397194bb8a137e9b01d44f
- SHA512
  
  1f6b1a208e42e64a26f242eb77c63779fe637dd48acdf4ba0c9c2931be587d1c91569938a31c15a24dc945e6880a550ab2db494785d35a643bf37ac9f6bab16e
Score

10^/10

formbook ergs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2