formbook

General

Target

PO2519.exe
Size

355KB
Sample

211116-qxnn7ababk
MD5

a633eb11fe171ab39947eb5aeac5a53e
SHA1

8a9cd18aaf878f154c39cc5c0166058e8cef0118
SHA256

c23812e47b45194a635d475e9a3b5e73d0b8f2dbb29bb92bbfba3333afee8be8
SHA512

bfbc45e65511d8331bf20249cec30ff5308bc2a2388d2ec89567fe925c47c0bab76b1dc9ad10d8257c37d2eb3706d2a57cf3f83910d0c39d48aa8bf0d9d14e28

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site

Targets

- Target
  
  PO2519.exe
- Size
  
  355KB
- MD5
  
  a633eb11fe171ab39947eb5aeac5a53e
- SHA1
  
  8a9cd18aaf878f154c39cc5c0166058e8cef0118
- SHA256
  
  c23812e47b45194a635d475e9a3b5e73d0b8f2dbb29bb92bbfba3333afee8be8
- SHA512
  
  bfbc45e65511d8331bf20249cec30ff5308bc2a2388d2ec89567fe925c47c0bab76b1dc9ad10d8257c37d2eb3706d2a57cf3f83910d0c39d48aa8bf0d9d14e28
Score

10^/10

formbook 9gr5 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2