formbook

General

Target

Ziraat Bankasi Swift Mesaji.exe
Size

691KB
Sample

220611-ppgegaecep
MD5

82e5f8445f104069e52ac321d6deb453
SHA1

ea88106784cdd3de5f936242760c04a00ff90760
SHA256

b38804166eadbfa83edfbbb26115a35bc284af64a8e3429c3011a13965fdcbf2
SHA512

7495a30e490294124cb8adb58ca27cba56d4fd9b9289d8717cb59e3c51827844908c03c9c17fd82d7a4cfea530c7b21419bc5811fe299cb82f986ee7a1902338

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

warehouseufohighbay.com

kingasia77.xyz

americanoutfittes.com

jemodaevangica.com

holigantv82.com

creamkidslife.com

skillzplanetoutreach.com

goldencityofficial.com

choiceaccessorise.com

kdgkzy.com

patra.tech

chicaglo.com

9491countyroad106.com

theultracleanser.com

lesmacarons.biz

kfaluminum.com

institutodiversidade.com

woodanqnmz.store

teslabuyerusa.com

cityofbastop.com

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.exe
- Size
  
  691KB
- MD5
  
  82e5f8445f104069e52ac321d6deb453
- SHA1
  
  ea88106784cdd3de5f936242760c04a00ff90760
- SHA256
  
  b38804166eadbfa83edfbbb26115a35bc284af64a8e3429c3011a13965fdcbf2
- SHA512
  
  7495a30e490294124cb8adb58ca27cba56d4fd9b9289d8717cb59e3c51827844908c03c9c17fd82d7a4cfea530c7b21419bc5811fe299cb82f986ee7a1902338
Score

10^/10

formbook pr28 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2