formbook

General

Target

Ziraat Bankasi Swift Mesaji.exe
Size

515KB
Sample

220706-teg1gagfg5
MD5

10fa9d1cf17c0182373f342fbed0bd8d
SHA1

0f248be8143358714b8775174fd91309ce21c96d
SHA256

1309ca7e7b81db3bea317c139fddf9124c47c3fc4b4113b44fe56af16dc39a88
SHA512

4f0339f58b7fdeae72359c22fc4a8105791ce5dc5c5ded36ad0a04893fe46480d2e8b42ef27efb352c9f473626c79fc5c587e82376209b970d295914444f14e2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kn30

Decoy

edeniabenz.com

laurenjsettles.com

schwyzerland.com

hdrslh.com

talleresmasabrazos.com

wesdop.xyz

xn--abcj-doab.net

visioresearch.net

vostextes.com

santoriniconciergethira.com

seektrainings.com

dogsocats.com

munjanichemical.com

sapnemekyadekha.online

hiartwork.com

remarquehomebuilders.com

huilege.com

pjslot.net

greatsolutionwebsite.xyz

graciousclothingstore.com

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.exe
- Size
  
  515KB
- MD5
  
  10fa9d1cf17c0182373f342fbed0bd8d
- SHA1
  
  0f248be8143358714b8775174fd91309ce21c96d
- SHA256
  
  1309ca7e7b81db3bea317c139fddf9124c47c3fc4b4113b44fe56af16dc39a88
- SHA512
  
  4f0339f58b7fdeae72359c22fc4a8105791ce5dc5c5ded36ad0a04893fe46480d2e8b42ef27efb352c9f473626c79fc5c587e82376209b970d295914444f14e2
Score

10^/10

formbook kn30 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2