formbook

General

Target

1.exe
Size

652KB
Sample

211029-j2p99ahfdp
MD5

ab6287e540cccfff7fc470053db92302
SHA1

09387a7e22e87c9555cd8abc2a9801c6e678dc05
SHA256

f31eb9a6841607a9a9cf253ef2ad8d27ac6d13289ee5420ebcf7f0f47ef46736
SHA512

3e641de591b8385408a476449cb5015d423e7ddf76b7da6299e5ff32e5d63a2fc9339c8fb21b016e457558b2e71d5d84a3ea5d949c49e42806ad729347e32da2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

snr6

C2

http://www.reynbetgirisi.com/snr6/

Decoy

jjglassmi1.com

vpsseattle.com

drfllc.top

staycoolonline.com

eptlove.com

solusimatasehat.site

ionrarecharlestonproperties.com

b3eflucg.xyz

tvchosun-usa.com

mmahzxwzsadqlshop.life

gospelimport.com

demoapps.website

jackburst54.com

99rocket.education

ccbwithbri.com

trapperairsoft.com

useroadly.com

ralphlaurenonline-nl.com

loanmaster4u.com

champ-beauty-tomigaoka-nail.com

Targets

- Target
  
  1.exe
- Size
  
  652KB
- MD5
  
  ab6287e540cccfff7fc470053db92302
- SHA1
  
  09387a7e22e87c9555cd8abc2a9801c6e678dc05
- SHA256
  
  f31eb9a6841607a9a9cf253ef2ad8d27ac6d13289ee5420ebcf7f0f47ef46736
- SHA512
  
  3e641de591b8385408a476449cb5015d423e7ddf76b7da6299e5ff32e5d63a2fc9339c8fb21b016e457558b2e71d5d84a3ea5d949c49e42806ad729347e32da2
Score

10^/10

formbook snr6 rat spyware stealer trojan suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2