formbook

General

Target

KOC RFQ.lzh
Size

129KB
Sample

210921-eyft7aaffp
MD5

49b9b68df043d3911e6dc952ed8df63d
SHA1

2bfd372f96936ed7d155cb5d9c10a42662e66f7d
SHA256

c6fe795f888534f4d6ba3152e95f694dc57878d4ba9875af9af347d432598d00
SHA512

6b0eb240767bfa42194f46a5fdd50ffc0920420cdd7214f8a011c37ee151b2672e45e87cfafe94b9c1830d61f7fe36851736f9953266c17e161aa9424bca37a1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ucze

C2

http://www.ryankim.site/ucze/

Decoy

secaucusmoversnearme.com

superbaddog.com

scppore.com

debenspaceslimited.com

ondemandmedicalgroup.net

elegantaffairexpo.com

casadelmigrantevenezuela.com

meritoriousjournals.com

swiftglobalexpress.com

randiny.com

1g30p.com

theeecreative.com

edstarrswindowcleaning.com

nexaesport.com

macvideogeek.com

nftteria.com

diogo-lino.com

samcdelivery.com

st666.place

business-page9982.com

Targets

- Target
  
  KOC RFQ.exe
- Size
  
  185KB
- MD5
  
  253637fd81b504d554f9c6c0485394c2
- SHA1
  
  d6746cea35f9dba9fa2d2a99eb76a5152aa3e2d0
- SHA256
  
  fb4840549b45ab906a4908eb0f5c179d5f8af16a0714d1ab6783b847c7015f80
- SHA512
  
  a41d0c3b12e1689acee80f0892487feab68b7c1d7a65cc8a18fe67b8bd9eed45feb59d503a2a792febc9246ceb2d351bc9ec499f4e43394f6888d0623f97a41e
Score

10^/10

formbook ucze rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2