formbook

General

Target

Ziraat Bankasi Swift Mesaji.exe
Size

457KB
Sample

220613-hcbvwsecak
MD5

bfd5416efae1ecc1517f4b286c30b655
SHA1

6debd272160fe05b0c3397f612f1c8e7d005f376
SHA256

7f64aa4801b0cbae5fdda52ae4fe848ef03650a4dec91b4f4d5131a0def6b464
SHA512

4e29a8d547abaed04837a4e02a0b47b5b8d1a8fc435eadcb8115b5b4d3464c5239aef5a25becfb995a0f3da2536bce798bcf944d422a7211d2aef3725e8ff7c4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

warehouseufohighbay.com

kingasia77.xyz

americanoutfittes.com

jemodaevangica.com

holigantv82.com

creamkidslife.com

skillzplanetoutreach.com

goldencityofficial.com

choiceaccessorise.com

kdgkzy.com

patra.tech

chicaglo.com

9491countyroad106.com

theultracleanser.com

lesmacarons.biz

kfaluminum.com

institutodiversidade.com

woodanqnmz.store

teslabuyerusa.com

cityofbastop.com

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.exe
- Size
  
  457KB
- MD5
  
  bfd5416efae1ecc1517f4b286c30b655
- SHA1
  
  6debd272160fe05b0c3397f612f1c8e7d005f376
- SHA256
  
  7f64aa4801b0cbae5fdda52ae4fe848ef03650a4dec91b4f4d5131a0def6b464
- SHA512
  
  4e29a8d547abaed04837a4e02a0b47b5b8d1a8fc435eadcb8115b5b4d3464c5239aef5a25becfb995a0f3da2536bce798bcf944d422a7211d2aef3725e8ff7c4
Score

10^/10

formbook pr28 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2