formbook | 0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0 | Triage

Sharing

General

Target

0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
Size

1.0MB
Sample

220707-tarzwabgc7
MD5

4942c83e6f8149c8ee9765f3c2b27bc7
SHA1

caf483ee54b09acc8b18a298ba42283260906687
SHA256

0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
SHA512

4033e41aa44513ad425f7e6f0256a28f0a15b7419e7adf45edca82baf5894a0819b57521e9366273ef333d7fdbc154482efa36a9a6e06dddbf7119ffa2485383

Score

10^/10

formbook po23 rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

po23

Decoy

jacknull.xyz

commonellc.com

topnotchconstructor.com

thescienceofrecruiting.com

bellydancer.company

iforyo.com

hotgirlsseeking24.online

pelleycivil.com

plumblersnearme.com

helpfundabortionohio.com

wineandview.com

youfather.xyz

xsjxly.com

bnfconsults.com

apeholder.com

oldbutterflyevict.space

nara-happylife.com

frontmountedattachments.com

polizzastore.com

bettor-weather.com

Targets

- Target
  
  0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
- Size
  
  1.0MB
- MD5
  
  4942c83e6f8149c8ee9765f3c2b27bc7
- SHA1
  
  caf483ee54b09acc8b18a298ba42283260906687
- SHA256
  
  0b576117983f942d005bd209239752290a0f97a9b0be5326f4f2d76c8ee416e0
- SHA512
  
  4033e41aa44513ad425f7e6f0256a28f0a15b7419e7adf45edca82baf5894a0819b57521e9366273ef333d7fdbc154482efa36a9a6e06dddbf7119ffa2485383
Score

10^/10

formbook po23 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookpo23ratspywarestealersuricatatrojan