formbook

General

Target

villarzx.exe
Size

406KB
Sample

211020-s7y9saabem
MD5

94abfdf47572a6023f28be8b72f2fb74
SHA1

c05059aa66ebd5eefe06f49e889f178aafebf5a1
SHA256

b0cfa1848c7b08eb881e615731493df57963468fa3fb461ebf1468271dd17a14
SHA512

1344ba9e20adfa83d8c8c6a7cdb3a99538b542b821e63030cd64808b4c899cf32df5326ef8fcb0c37664a7aa4f8fb85a6c3fc19d6f19829c2b808a2beda9e182

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

- Target
  
  villarzx.exe
- Size
  
  406KB
- MD5
  
  94abfdf47572a6023f28be8b72f2fb74
- SHA1
  
  c05059aa66ebd5eefe06f49e889f178aafebf5a1
- SHA256
  
  b0cfa1848c7b08eb881e615731493df57963468fa3fb461ebf1468271dd17a14
- SHA512
  
  1344ba9e20adfa83d8c8c6a7cdb3a99538b542b821e63030cd64808b4c899cf32df5326ef8fcb0c37664a7aa4f8fb85a6c3fc19d6f19829c2b808a2beda9e182
Score

10^/10

formbook jy0b rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2