formbook

General

Target

Listar pedido nuevo.zip
Size

319KB
Sample

210920-xxb4qahgfk
MD5

5f7c4525e294a2c0a12edd73b82cad6c
SHA1

0bb85bedbce8f0317aef1c2f5c9209b7ec24c6e0
SHA256

8b0f72a57e3a2e8c3963fc835d894dab5b0b732176933fa2b96d1e07d42cc4f6
SHA512

d00668fb36393472f61b303a936955ebbecb23ea3153cce1ab77af3c33d1df9d8005fb0d37f2cdecadc6a05c5ba53261dc40d8abf5f2daff6d66d436a381e8ff

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

- Target
  
  Listar pedido nuevo.exe
- Size
  
  699KB
- MD5
  
  f28bb3711be3e8a5281d28fc795ec5b0
- SHA1
  
  85981c13f7d39dac047c8046be3241bddaeabe17
- SHA256
  
  ab529f4c00e85413f18a544ab0bf9d8a4f5803d8ac497c0a9ccbcf38d17662fa
- SHA512
  
  ad1c8eaf2dc779c1b6518f31053f5e0cf8cb8d2572f66a065191fd91312025094f64b29e0b671b238c113eadbc75e69230f7b9eaf631629e21e21d046e6ed0a3
Score

10^/10

formbook 3nop rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2