formbook

General

Target

AWB##29721.PDF.exe
Size

461KB
Sample

211019-crangsgafn
MD5

6244f4e218cef1f89dbe0a96374d5eaa
SHA1

d6d8c3c4a7e9f777b9c4383120b057be18a4ad41
SHA256

9404982e0cf941d6103e40246a6689d91be00c03c8d9072e42ebf56bd9080492
SHA512

bf8c0c36444aedf8033b636121fd18e2c6ec417ccd56ca528bd3b71c3b71dc5c330c6018c30822c5e33e5d833a863e1a219f9881dd98caf53ba78616ec1a4736

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gr1c

C2

http://www.illusiontrick.com/gr1c/

Decoy

soakyourgrains.com

duwego.com

aenkdesign.com

bikabbziu.xyz

thesawyerlegacy.com

koreanmodelbj.xyz

exceed-standards.com

syirsve.com

sachisushimontreal.com

thegalwaykitchen.com

accarwash-hub.com

connectwithmentor.com

luftfundament.online

ibrahimkaracan.com

biggersinsurance.com

desellon.com

tvnewscloset.com

digital-dre.com

ingocg.com

fernanda-ortiz.com

Targets

- Target
  
  AWB##29721.PDF.exe
- Size
  
  461KB
- MD5
  
  6244f4e218cef1f89dbe0a96374d5eaa
- SHA1
  
  d6d8c3c4a7e9f777b9c4383120b057be18a4ad41
- SHA256
  
  9404982e0cf941d6103e40246a6689d91be00c03c8d9072e42ebf56bd9080492
- SHA512
  
  bf8c0c36444aedf8033b636121fd18e2c6ec417ccd56ca528bd3b71c3b71dc5c330c6018c30822c5e33e5d833a863e1a219f9881dd98caf53ba78616ec1a4736
Score

10^/10

formbook gr1c rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2