formbook | 100a38f41bd7479fffee98011672258611db629db410d4ef622dc2b87ba5b6fe | Triage

Submit
Reports

Overview

overview

Static

static

001130.exe

windows7_x64

001130.exe

windows10_x64

Sharing

General

Target

001130.exe
Size

439KB
Sample

211203-qnysssggdl
MD5

146cd34f4c9b02b767b1fd650341e1c0
SHA1

25f7125f1e02d3addce794b435679159cd1a3225
SHA256

100a38f41bd7479fffee98011672258611db629db410d4ef622dc2b87ba5b6fe
SHA512

cfe7c0cc643a2e75038d199039b7603cc1e232016989ba10ca7a5b6760f74f1d7e635fa3f5b5f529504d62effa5782c289555c132e8b82110a2b18aa9d422147

Score

10^/10

formbook u1bs rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

001130.exe

Resource

win7-en-20211104

formbook u1bs rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

001130.exe

Resource

win10-en-20211014

formbook u1bs rat spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1bs

C2

http://www.vgmpradio.com/u1bs/

Decoy

ln-safe-keepingmisva4.xyz

rtfh.xyz

awolin.link

metadlf.com

cardboardcasual.com

psicoterapiahablada.com

spaminator.xyz

hnjqzl.top

dentalyinovasi.site

biosynblas.com

zvyk.store

shreevishwakarmaservices.com

showersplash.com

norbert-roth.com

londoncapitaltraders.com

istanbuldonerkebabheroncity.com

realdiscountsnow.com

marlinplumbingwnc.com

magazinadziavane.com

qantv.com

redcardinaldaycare.com

fevxok.com

avp-travaux.com

spielload.com

countrymen.net

loverizzi.online

verbandverse.com

esssc.icu

thealphabrains.com

sleep-lab.pro

fancysquat.com

santasdasd.com

28ssc4.icu

gordonmicah.xyz

readyviewerone.com

242plaza.com

lc-kassel-kurhessen.com

guzram.com

classicitystudios.com

nextvoicetech.com

conectadoseventovirtual.com

chollz.xyz

sdxhbl.com

wilopumps.store

netshopsceilingfans.com

econiq.us

wisconsinfarmstay.com

pharmacie-plaideux.com

kppservices.com

cashprotectionservices.com

365bet356.com

davidandanabelsellshomes.com

bvfymca.net

kakvototakova.com

4bosses700mcc.com

topgamesimple.xyz

neistovo-veliko.online

vespafarmingdale.com

newmexicotitlesearches.com

dunnsdispatching.com

caldirectloans.com

taxitienthanh.com

marabout-serieux-rapide.com

oxygenglobal.net

Targets

- Target
  
  001130.exe
- Size
  
  439KB
- MD5
  
  146cd34f4c9b02b767b1fd650341e1c0
- SHA1
  
  25f7125f1e02d3addce794b435679159cd1a3225
- SHA256
  
  100a38f41bd7479fffee98011672258611db629db410d4ef622dc2b87ba5b6fe
- SHA512
  
  cfe7c0cc643a2e75038d199039b7603cc1e232016989ba10ca7a5b6760f74f1d7e635fa3f5b5f529504d62effa5782c289555c132e8b82110a2b18aa9d422147
Score

10^/10

formbook u1bs rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooku1bsratspywarestealersuricatatrojan

behavioral2

formbooku1bsratspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy