formbook

General

Target

LSP63103.EXE
Size

643KB
Sample

220615-kz463acgdq
MD5

5e3b856fd3ea5e1dc91c79db317a4b19
SHA1

25f969391c43fe125bf6d9162a54d5ae5da2cf62
SHA256

835ad427cf84c1e97ad98d95c765125ca7629d62657dbfb6bf82327223e573b0
SHA512

2f322edc88b06f8e15626e5da06576a3f0ca150cf7f4e63aa21a92090994f4aeca4b82bfe40b527811799fa20bca7b86b14a42649f6585aebe642500b8057b02

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d94e

Decoy

123456yudang.com

t-eros.com

genesis-urban.com

gartersnake.xyz

freshinews24.com

molasendo.com

365889.xyz

multiverso-digital.com

nahlabalmsales.com

cashyoga.space

momtipsblog.com

uktbc.xyz

hu6aecfzts33zz.life

luxuryholic.com

wtsgdy.com

bathroomrenovationscenter.club

mouradhw7.xyz

sehoonp.com

danplace.com

zc006.xyz

Targets

- Target
  
  LSP63103.EXE
- Size
  
  643KB
- MD5
  
  5e3b856fd3ea5e1dc91c79db317a4b19
- SHA1
  
  25f969391c43fe125bf6d9162a54d5ae5da2cf62
- SHA256
  
  835ad427cf84c1e97ad98d95c765125ca7629d62657dbfb6bf82327223e573b0
- SHA512
  
  2f322edc88b06f8e15626e5da06576a3f0ca150cf7f4e63aa21a92090994f4aeca4b82bfe40b527811799fa20bca7b86b14a42649f6585aebe642500b8057b02
Score

10^/10

formbook d94e rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2