formbook

General

Target

196666c8.exe
Size

394KB
Sample

211023-jmh8dsdbck
MD5

c0774667c40bc1a34b22fe4afdf3d87c
SHA1

750efb48dea98d15bf740aa357eed6235caa2187
SHA256

196666c85a31dedff03cdc9a8e19c323f510f7d1b55301463a21cb969751a700
SHA512

18687d1dbe2657c5e8237fa71b32f9de2fd4944713e874303312d6194eec3758ccef760c8a86d50aa8966abe20357f86b3ae24fa004da824072a0304eff66829

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s0vc

C2

http://www.xn--289an7fmsbe2rud327e.com/s0vc/

Decoy

redstonemanagers.com

graffitiparktx.com

aliturk.com

asicsmalaysiasale.com

primetimehandyman.com

logjed068.xyz

rusicedream.com

rickcaronmuseum.com

softwarebuynow.com

buddysbarkery.com

ysm99.com

rtetrgwgre.xyz

97020.xyz

utahblind.site

hiyym.com

rohukager.xyz

vcstudentwork.com

oxfordautomotivepa.com

salibrown.com

tekosocks.com

Targets

- Target
  
  196666c8.exe
- Size
  
  394KB
- MD5
  
  c0774667c40bc1a34b22fe4afdf3d87c
- SHA1
  
  750efb48dea98d15bf740aa357eed6235caa2187
- SHA256
  
  196666c85a31dedff03cdc9a8e19c323f510f7d1b55301463a21cb969751a700
- SHA512
  
  18687d1dbe2657c5e8237fa71b32f9de2fd4944713e874303312d6194eec3758ccef760c8a86d50aa8966abe20357f86b3ae24fa004da824072a0304eff66829
Score

10^/10

formbook s0vc rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2