formbook

General

Target

Reversed Invoice for new products.rar
Size

413KB
Sample

211031-xtv3esdahn
MD5

d45ededc04546f216a4f38999bef2320
SHA1

bc8d89964580438158776b8727e08d22dcf41fa7
SHA256

afef0a80915c7ebea814b4b1a93170067eab6d25b37ae0798c1950cd382577a4
SHA512

9ba1e123108a3b35f9665e15a37e6c203252a75bf016075fc16aff096772d6d7f9001f227a67a31a114c621d2ea9b1478ff56fb15f6836f85711538f9b60fd1b

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

C2

http://www.aprilsaak.quest/r4gk/

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

- Target
  
  Reversed Invoice for new products.exe
- Size
  
  588KB
- MD5
  
  c143e48329117200f2fed704dd8a3427
- SHA1
  
  14bf703e576ff1b76b9ad540fda7bbdd748e78c0
- SHA256
  
  1910bc92f591b3feb607aac1518fe2cc6c834b627b76637cb27464006e072a22
- SHA512
  
  6bf52af4e5ffdf845f154e1e81b98ab8f46136379b5e3ba9152243b9a3906566862df6e0171f0036214de2901d3212d42af0a12db06ca2cd999577dc14b52ff5
Score

10^/10

formbook r4gk rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2