formbook

General

Target

invoice dhl.delivery document and original invoice sign.exe
Size

439KB
Sample

211202-txhdysadfl
MD5

ebce26da75669d94dbc0550bf394b204
SHA1

bcc8f769e51cd9f8a160e58840f80a008e2b72e2
SHA256

5fef546d71e9ed9f2e457bfd9aeb23a42a5074af37599c7fe4dcfeb8f687723c
SHA512

0e87adccb6d3ca4ea2ee2e101a20ea81437e3f774dd3296c264c92ce763adacacbe1a8a4b9b6226c0b8403569c716fd5fcc55820ea4a0575172d396bae432ed0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site

Targets

- Target
  
  invoice dhl.delivery document and original invoice sign.exe
- Size
  
  439KB
- MD5
  
  ebce26da75669d94dbc0550bf394b204
- SHA1
  
  bcc8f769e51cd9f8a160e58840f80a008e2b72e2
- SHA256
  
  5fef546d71e9ed9f2e457bfd9aeb23a42a5074af37599c7fe4dcfeb8f687723c
- SHA512
  
  0e87adccb6d3ca4ea2ee2e101a20ea81437e3f774dd3296c264c92ce763adacacbe1a8a4b9b6226c0b8403569c716fd5fcc55820ea4a0575172d396bae432ed0
Score

10^/10

formbook 9gr5 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2