formbook | 851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b | Triage

Sharing

General

Target

Pass
Size

352KB
Sample

211018-peywrseebm
MD5

74f87a533471eaa7719df1d9b0593c2a
SHA1

77a20802e1e2db283ddf605a818372a72b0d8e26
SHA256

851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b
SHA512

a65587fa689531ff0d9da0c24ed9fb01adc986353491b6cb65773c66c7d5bf3773f8ae7c87ca4e2485da442c815722cdf5633e425693a8ace5f888744c868438

Score

10^/10

formbook cl8k rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl8k

C2

http://www.lightiroanwgt76.xyz/cl8k/

Decoy

georgiaprfirm.com

rhinosafeinc.com

gandgpublishing.com

angelyangelarquitectos.com

formation-gallery.com

orangecountyipadrepair.com

aplearn.info

freshlucky.com

wrapfestival.com

zerosarentals.com

ff7a9vlt7.xyz

teachbing.com

mukos.xyz

baojianma.com

dermalaf.com

hannahandpatrick2022.com

yesilnoktam.xyz

theroyalhotels-kw.com

reisebazaar.online

senergypallet.com

Targets

- Target
  
  Pass
- Size
  
  352KB
- MD5
  
  74f87a533471eaa7719df1d9b0593c2a
- SHA1
  
  77a20802e1e2db283ddf605a818372a72b0d8e26
- SHA256
  
  851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b
- SHA512
  
  a65587fa689531ff0d9da0c24ed9fb01adc986353491b6cb65773c66c7d5bf3773f8ae7c87ca4e2485da442c815722cdf5633e425693a8ace5f888744c868438
Score

10^/10

formbook cl8k rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookcl8kratspywarestealersuricatatrojan