formbook

General

Target

TT copy for our payment.7Z
Size

368KB
Sample

211028-w85pqsgghp
MD5

137dc2d545f07f14b3bf2712ea696fdd
SHA1

18d7e6741d99dcdd2f473d79820964f29f7ab42d
SHA256

47ad5f9aa8949afcd5f9c23bd1394ed45a3516b2f8a2d18aa67904e8695b9b15
SHA512

1143e2b1acc68f4d9dc9782e4d8cb7efc9afcc8b68522f4d364b00ff9bc4722db7468de90ec1026ba8f0c6c6d9dc7f2dbf1e34e1cff2e4c9594f1f4017bcbdd9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

C2

http://www.aprilsaak.quest/r4gk/

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

- Target
  
  TT copy for our payment.exe
- Size
  
  430KB
- MD5
  
  b87c1e2bb5ba0a04b614ba14b6ef91c2
- SHA1
  
  a02e178c8f33b48f3fa8d548762a29adcc359cac
- SHA256
  
  fc9165f2702032e355b392fe6ada38cfd6e1eceafb5453de7991369addd266a6
- SHA512
  
  36889e872c6eb47d664601c39dc789d016260b348a32f2b26ddffbc7603445f492749d3b0c00c2733a7c8a169fb95aa42b0e46166322ef1379f83f89004358f8
Score

10^/10

formbook r4gk rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2