formbook

General

Target

HIPV0170.EXE
Size

417KB
Sample

211006-k6rjjsbbdq
MD5

abb3147d8c0e9f65b3248004b8fffb91
SHA1

127a10da0021ae217648b3636f38d84b8f1459f1
SHA256

009e6b48b7d9b2a802d6e831138b1e55c4390861c123287e134bbc21f8a6e225
SHA512

af55e007019139a2257815f50f4e1de3fbc6e1fc9195104c989dc6935bc3ec494c2a5900fb56d13fcf1c1a9043659e9c77a7af37b17aec63d9c59a88b9efed02

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.iselotech.com/ergs/

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  HIPV0170.EXE
- Size
  
  417KB
- MD5
  
  abb3147d8c0e9f65b3248004b8fffb91
- SHA1
  
  127a10da0021ae217648b3636f38d84b8f1459f1
- SHA256
  
  009e6b48b7d9b2a802d6e831138b1e55c4390861c123287e134bbc21f8a6e225
- SHA512
  
  af55e007019139a2257815f50f4e1de3fbc6e1fc9195104c989dc6935bc3ec494c2a5900fb56d13fcf1c1a9043659e9c77a7af37b17aec63d9c59a88b9efed02
Score

10^/10

formbook ergs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2