formbook

General

Target

Draft BL_SITINSV045627G_FDONS2108005.exe
Size

615KB
Sample

220707-j95pxagfek
MD5

e42ad53a0214d4cc02087734b6f98579
SHA1

9b92beb48c524d52038adf4cce7f3f88b0c79cfe
SHA256

62b5f6f6f6c927d64b44c87c8897e3fb082b214b046dcad4a0f1a8080f4a28ed
SHA512

e86cdc87fb6e09f5cec405369481c360ed6fc8f2893d61903e7270883997bbb7330a8d8eb100924b2fd0b253cc4f02d55a4087462d79248f5de609a265ffb19e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

df48

Decoy

tinder.pw

flowersfoodsbrands.net

broadbandbangalore.com

wittyhealthy.com

mediking.online

pounchbowl.com

gridkart.com

mobrtho.com

starlinerecruitment.com

ernieswinesandliquors.com

dsbvgf.com

messiahbaptist.church

sumsandals.com

familieheineken.online

fikifika.com

beg.wtf

euroconsult.net

radiologist24.com

fuji-privatevilla.com

flemming.store

Targets

- Target
  
  Draft BL_SITINSV045627G_FDONS2108005.exe
- Size
  
  615KB
- MD5
  
  e42ad53a0214d4cc02087734b6f98579
- SHA1
  
  9b92beb48c524d52038adf4cce7f3f88b0c79cfe
- SHA256
  
  62b5f6f6f6c927d64b44c87c8897e3fb082b214b046dcad4a0f1a8080f4a28ed
- SHA512
  
  e86cdc87fb6e09f5cec405369481c360ed6fc8f2893d61903e7270883997bbb7330a8d8eb100924b2fd0b253cc4f02d55a4087462d79248f5de609a265ffb19e
Score

10^/10

formbook df48 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2