formbook

General

Target

inquiry.exe
Size

763KB
Sample

220725-k43tssbgdk
MD5

b925e8efec4bb9d7aeb0942999de6d93
SHA1

f67ee80014f98136c12d2c72f155bd2371b9df84
SHA256

b3592dda04b6002e7edf6dc1fd693ce34f0e592e305ed55b226d25a635033c33
SHA512

c2bed2d02391da41f9210b51adaf4990e1a60140ad63d2de200ff62ab9dfe376aef89b2a33c1f0d6ee079eca3cb7f051deeed36adafde249987f730abe5989f7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ja38

Decoy

check-info-asked.com

d1g1tal-loops.com

jouw-server.online

xn--9l4b93h4ub.com

jju21.com

johndivine.com

boardinghouses.net

evergreeneq.com

lovemya.xyz

szovegmuhely.com

worldwidedatazehn.net

hollandmulchus.com

mhcbrokers.com

brainwellnesssolutions.com

creatioconsultants.com

troyleedesign.store

hayebenefits.com

atom-ontherox.com

pacificoakllc.com

nailonika.online

Targets

- Target
  
  inquiry.exe
- Size
  
  763KB
- MD5
  
  b925e8efec4bb9d7aeb0942999de6d93
- SHA1
  
  f67ee80014f98136c12d2c72f155bd2371b9df84
- SHA256
  
  b3592dda04b6002e7edf6dc1fd693ce34f0e592e305ed55b226d25a635033c33
- SHA512
  
  c2bed2d02391da41f9210b51adaf4990e1a60140ad63d2de200ff62ab9dfe376aef89b2a33c1f0d6ee079eca3cb7f051deeed36adafde249987f730abe5989f7
Score

10^/10

formbook ja38 rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2