formbook

General

Target

PURCHASE ORDER 29kva.r11
Size

499KB
Sample

210929-pq62hsfahp
MD5

08359b734342da1634a66e867b549a90
SHA1

b17399be8059070447e488c754a9b0953e020446
SHA256

a621a7d8411c3a040a7560fd201d1bb9d269a1ed4bb43559879babf58e675eb8
SHA512

7db4516e5ce84bbbf6c786ab1f4ce654690131108942cbc46230c22341889df63e4e430c33d51735be41633164050d378feb07f28322f4658abf3d1e63e6d255

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.iselotech.com/ergs/

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  PURCHASE ORDER 29kva.exe
- Size
  
  713KB
- MD5
  
  cf92b80bd587ac1498dd3e37fee96af7
- SHA1
  
  ecaef1532016cc58333ddff64ace07d2a51bde72
- SHA256
  
  727d99fbf5a7d58b50ea62f289cf59b251ffe3e6f5d9487f7716127654e6e32a
- SHA512
  
  cd07ba0d3b511144afd2246778103ac1ce9db31f9df6ac7dd86c3a08600682242cf1069a54e36da7e96041d084aed950e5d899510f08a676434848fe8f350fb3
Score

10^/10

formbook ergs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2