formbook

General

Target

Purchase Order.exe
Size

918KB
Sample

220711-kwkm9aaaa3
MD5

dfb77ce7f7b49f520241aa2a747d9203
SHA1

304dd96dad67b02214ebd10198baacfb7428a08a
SHA256

3b2aed15298aa9110cc90c069742839fdc9ddb24f91a8269284a504a5ba1fb9c
SHA512

57fd6052c133843cc4e4d7878eed74a8eeb466da8923e62995aceb84788573c9088d48303d79cf36839751c5307ef2d00a8ec99d40ea9e5108f047be32d6563a

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ja38

Decoy

check-info-asked.com

d1g1tal-loops.com

jouw-server.online

xn--9l4b93h4ub.com

jju21.com

johndivine.com

boardinghouses.net

evergreeneq.com

lovemya.xyz

szovegmuhely.com

worldwidedatazehn.net

hollandmulchus.com

mhcbrokers.com

brainwellnesssolutions.com

creatioconsultants.com

troyleedesign.store

hayebenefits.com

atom-ontherox.com

pacificoakllc.com

nailonika.online

Targets

- Target
  
  Purchase Order.exe
- Size
  
  918KB
- MD5
  
  dfb77ce7f7b49f520241aa2a747d9203
- SHA1
  
  304dd96dad67b02214ebd10198baacfb7428a08a
- SHA256
  
  3b2aed15298aa9110cc90c069742839fdc9ddb24f91a8269284a504a5ba1fb9c
- SHA512
  
  57fd6052c133843cc4e4d7878eed74a8eeb466da8923e62995aceb84788573c9088d48303d79cf36839751c5307ef2d00a8ec99d40ea9e5108f047be32d6563a
Score

10^/10

formbook ja38 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2