formbook

General

Target

c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
Size

415KB
Sample

220511-c4b23sgecn
MD5

bdb205f2b2250970a3feb5a621f8875b
SHA1

bae130111494303eb686a5562e794121a8cd307f
SHA256

c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
SHA512

97c41b5369b8902bde98059038774fea618d1071423104ef05c6c0c4fed4e28a28d028dd9dfb8c76f08d12e1256bacc13e3eb2625fe817b4c8a248cdb7d0384e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bnc

Decoy

iseoguide.com

rogerellisonline.com

thephonelenses.com

reddystone.com

explorehokianga.com

miaflcio.vote

baonihaochi.com

thewiseengineer.com

exciplexinc.com

luewaeeqaredre.com

atharvatechnologysolutions.com

vnsr1234.com

nationswines.com

toaglobalcc.com

texasbusrental.com

sailfishingcostarica.com

superbuy.today

mode-paradox.com

soperlz.xyz

filterdance.com

Targets

- Target
  
  c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
- Size
  
  415KB
- MD5
  
  bdb205f2b2250970a3feb5a621f8875b
- SHA1
  
  bae130111494303eb686a5562e794121a8cd307f
- SHA256
  
  c9159ff175e40dca87117d9f48c89af5e096cc214b8af58da93db8cb4a75e7f4
- SHA512
  
  97c41b5369b8902bde98059038774fea618d1071423104ef05c6c0c4fed4e28a28d028dd9dfb8c76f08d12e1256bacc13e3eb2625fe817b4c8a248cdb7d0384e
Score

10^/10

formbook bnc rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2