Managed XDR

banned-20260601t144500-14561-18 (FormBookFormgrabber) — malware analysis report

File info

Filename
banned-20260601t144500-14561-18
File type
SMTP mail, ASCII text
File size
1.3 MB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
3d37029d841efac7a6f27a1d603005fe474c7977
SHA256
d0e833459ea9d2a4dc2082e9d9bc33bca27906a12431a0b5c73e84eaeaa25fda
MD5
c978e3c3a776dd7e7a151183e057dbad

Malwares

  • FormBookFormgrabber

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data

Command and Control

T1071.001 network_http: Performs HTTP requests

Other

steganographic_png: Possible malicious steganographic PNG
suricata_alert: Malicious traffic detected
dead_dotnet_downloader_404: Dotnet downloader attempts to connect to a dead host
dotnet_suspicious_module_name: Dotnet program has suspicious module name
suspicious_network_port: Performs TCP or UDP request to non-standard port
yara_rules: Static rules

Related reports