formbook

General

Target

odeme.xl200.exe
Size

515KB
Sample

220706-teg1gaeefk
MD5

e57f53e16f57d9d28cb7c00e3e0c51f3
SHA1

abcd5179dd64504a12d4a854cde93826882e9b43
SHA256

06d8b2fecf78c785a15181b34a74859e87fcec54dd231b13ea9fe79983ba9a95
SHA512

f36b8425f5231d7e8bcc07617ab17bde7db27abcfb49a69e5238b1070b847d0f1acd70fcfd7b793ed80f6751481576e3c33ab3b1e5fadb387634e267b42b79b0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Targets

- Target
  
  odeme.xl200.exe
- Size
  
  515KB
- MD5
  
  e57f53e16f57d9d28cb7c00e3e0c51f3
- SHA1
  
  abcd5179dd64504a12d4a854cde93826882e9b43
- SHA256
  
  06d8b2fecf78c785a15181b34a74859e87fcec54dd231b13ea9fe79983ba9a95
- SHA512
  
  f36b8425f5231d7e8bcc07617ab17bde7db27abcfb49a69e5238b1070b847d0f1acd70fcfd7b793ed80f6751481576e3c33ab3b1e5fadb387634e267b42b79b0
Score

10^/10

formbook mh76 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2