formbook

General

Target

Payment receipt.pdf.exe
Size

821KB
Sample

211021-nwqfaabahn
MD5

b23c8de2a3a56e2fb8bacb085dbd9d19
SHA1

5957dbee0b2b200110787aac267be09bcecbeda2
SHA256

027eae741aaf031d2edcdc08920457e4c2e641c33847d67705d791f124b7781e
SHA512

a696b8e4cdbca841f2ecae342d8aa61c9ac9adc0849e69c715f3f3ce7b5195711bf4a22ad8c2add5bf1962d6a6cb18b751abbe73711699bce59199bd09ad2a63

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mo9n

C2

http://www.lievival.info/mo9n/

Decoy

circuit-town.com

stock-high.xyz

barlindelivery.com

littletoucans.com

bright-tailor.com

firsthandcares.com

ecompropeller.com

circuitoalberghiero.net

creative-egyptps.com

bitracks56.com

douhonghong.com

fingertipcollection.com

happy-bihada.space

blockchainairdropreward.com

xn--reljame-jwa.com

polloycarnesdelivery.com

d22.group

eslamshahrservice.com

vanzing.com

juzide.com

Targets

- Target
  
  Payment receipt.pdf.exe
- Size
  
  821KB
- MD5
  
  b23c8de2a3a56e2fb8bacb085dbd9d19
- SHA1
  
  5957dbee0b2b200110787aac267be09bcecbeda2
- SHA256
  
  027eae741aaf031d2edcdc08920457e4c2e641c33847d67705d791f124b7781e
- SHA512
  
  a696b8e4cdbca841f2ecae342d8aa61c9ac9adc0849e69c715f3f3ce7b5195711bf4a22ad8c2add5bf1962d6a6cb18b751abbe73711699bce59199bd09ad2a63
Score

10^/10

formbook mo9n rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2