formbook

General

Target

INV No. SMEPL03122-23 & PL.pdf.exe
Size

578KB
Sample

220630-gcbpfsgbfr
MD5

59596155c337dcf53ce09d9fe86a289f
SHA1

613ef8cb6aa875f406905f68d4e42e4509e36bb9
SHA256

b575be29720f27a08220d8b155e68bb70cd1f0d3a9a3bfb261873f3fa639d6b6
SHA512

350d8812c71eed902334ec66efc15a916ecd91a97f789b75d57674a249be0738a9b41dcdc8229fed99f4e5cf7b1194c0b49e1045803e3513a0557d9ae43af52f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

Targets

- Target
  
  INV No. SMEPL03122-23 & PL.pdf.exe
- Size
  
  578KB
- MD5
  
  59596155c337dcf53ce09d9fe86a289f
- SHA1
  
  613ef8cb6aa875f406905f68d4e42e4509e36bb9
- SHA256
  
  b575be29720f27a08220d8b155e68bb70cd1f0d3a9a3bfb261873f3fa639d6b6
- SHA512
  
  350d8812c71eed902334ec66efc15a916ecd91a97f789b75d57674a249be0738a9b41dcdc8229fed99f4e5cf7b1194c0b49e1045803e3513a0557d9ae43af52f
Score

10^/10

formbook ba17 rat spyware stealer trojan suricata
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2