formbook

General

Target

INQUIRY.exe
Size

644KB
Sample

211020-2fc2xaaeem
MD5

5a707691406a2638523c755b77a9a46b
SHA1

3dbdce0b3b04dbe0ec3ee7e89403f000d9536853
SHA256

f08ca756c36edc6ed2a59075dd924b66dc07025cd9e5320b93eee0a148a5fba0
SHA512

0adf0ff1b336b252ad93128436c41b0933b67baf32f5ebe0a803f33263d80c41095e582bece484ba02e41639fcc2512c074375aa86393373811279a69a904bca

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0c4

C2

http://www.cursoukulelegospel.com/h0c4/

Decoy

looknewly.com

icha2016.com

datnenhoalachn.xyz

fark.ltd

zjlj.site

carpinteriacansino.com

atozmp33.com

oficialacesso.com

tuningfrance.com

rmm-mx96r.net

outsidestyleshop.com

eufundas.com

a91furniture.com

sfme.net

englisch.coach

wallacechen.info

nyayeo.com

jintongstore.com

vanwerknaarwerk.info

thekimlab.net

Targets

- Target
  
  INQUIRY.exe
- Size
  
  644KB
- MD5
  
  5a707691406a2638523c755b77a9a46b
- SHA1
  
  3dbdce0b3b04dbe0ec3ee7e89403f000d9536853
- SHA256
  
  f08ca756c36edc6ed2a59075dd924b66dc07025cd9e5320b93eee0a148a5fba0
- SHA512
  
  0adf0ff1b336b252ad93128436c41b0933b67baf32f5ebe0a803f33263d80c41095e582bece484ba02e41639fcc2512c074375aa86393373811279a69a904bca
Score

10^/10

formbook h0c4 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2