formbook

General

Target

PO 800A3E4.exe
Size

962KB
Sample

211025-k9l38sghap
MD5

d13b3ff3dfdab0ced5ea88729756afd6
SHA1

51ceb5fb8e95c355ee3482e3d3f2c5d678203912
SHA256

49609c0487ceeec0771547efd9277b01f494be83549bc0245330672ee962c50c
SHA512

ab1e9cd76c813462678cbce85623ea31d9e8e379cd7d069f0fb6b1231795fa35cf6e2e0a8ec498f7e5a2d6a9682a9b091a46fbedd7ba5d5d0456e7fd6adeb0ee

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c249

C2

http://www.sarahnicolenadler.online/c249/

Decoy

yourbocatubs.com

windutshop.com

kevinellis.email

hzjiya.com

theaethereal.com

charmteesgift.com

tarinikalingarayar.com

thefacesiseek.com

tehuentecnewmcc.com

xn--80ajamkdph6ax.xn--p1acf

gmodwonderlandrp.com

sincerelyenaj.com

youtuan001.com

hekimalandsurveyors.com

madhatterathletics.com

09ex.com

yogrammyraps.com

analytico-australis.com

yourhome403.com

downtown-annapolis.net

Targets

- Target
  
  PO 800A3E4.exe
- Size
  
  962KB
- MD5
  
  d13b3ff3dfdab0ced5ea88729756afd6
- SHA1
  
  51ceb5fb8e95c355ee3482e3d3f2c5d678203912
- SHA256
  
  49609c0487ceeec0771547efd9277b01f494be83549bc0245330672ee962c50c
- SHA512
  
  ab1e9cd76c813462678cbce85623ea31d9e8e379cd7d069f0fb6b1231795fa35cf6e2e0a8ec498f7e5a2d6a9682a9b091a46fbedd7ba5d5d0456e7fd6adeb0ee
Score

10^/10

formbook c249 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2