formbook

General

Target

tmp
Size

536KB
Sample

220706-h3dr6sbhh6
MD5

9e70e8a4f264cc5ef9c7cc2c0977ce7f
SHA1

2fdade7cace270aacb774b1079c99f80110da9e1
SHA256

712d9e2373914cd9231c6c55a5d919efa6df53194b2c06b03695501dde071760
SHA512

278b3662e35ee839e197c218e22b32e3f9885b53004dbde163d3e86e91a6e6abbeff9afc4e444181c16b0e75d2b274639870bcafb7b43a9568c88116be66d0da

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m56u

Decoy

tercantiq.com

fortvillechicken.net

spiritsandtheb.com

alliant-inc.biz

yh1902.com

xiaodewenhua.net

cityjobs.xyz

seniorlivingwisconsin.com

piadagrilla.com

truistfinancebank.online

nft-fashionlover.com

hangmandownload.com

chun888.xyz

lemonviral.com

getagrip.network

daniellepinnock.info

chiswickstudios.com

essayservicee.com

bharatpragatifoundation.com

800vn.com

Targets

- Target
  
  tmp
- Size
  
  536KB
- MD5
  
  9e70e8a4f264cc5ef9c7cc2c0977ce7f
- SHA1
  
  2fdade7cace270aacb774b1079c99f80110da9e1
- SHA256
  
  712d9e2373914cd9231c6c55a5d919efa6df53194b2c06b03695501dde071760
- SHA512
  
  278b3662e35ee839e197c218e22b32e3f9885b53004dbde163d3e86e91a6e6abbeff9afc4e444181c16b0e75d2b274639870bcafb7b43a9568c88116be66d0da
Score

10^/10

formbook m56u rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2