Malware Signature

The following table shows a list of malware samples and the corresponding botnet C&C (ip:port) associated with Formbook

Database Entry


Malware:Formbook
First seen:2018-10-24 12:32:09 UTC
Last seen:2021-11-29 10:03:37 UTC

Malware Samples


The table below documents all malware samples associated with this malware family.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2021-11-29 10:03:37ef3ede1c01478a047ebf21f074405803n/aFormbook194.85.248.114:3462
2021-11-09 04:47:473c1bcfc5e5d1327746d9e8d3fdb5b49fVirustotal results 40 / 69 (57.97%) Formbook95.217.25.51:443
2021-11-08 16:54:42a8e8514aa8b9f6be0d29a25b9b7c8213Virustotal results 50 / 69 (72.46%) Formbook95.217.25.51:443
2021-03-01 13:44:2169bfa531e85418726ff2d7fbc2193418n/aFormbook152.89.247.27:1210
2021-03-01 13:44:2169bfa531e85418726ff2d7fbc2193418n/aFormbook152.89.247.27:1210
2021-02-21 22:06:3893230f71f7d6f961b29340ed111be2fdVirustotal results 39 / 70 (55.71%) Formbook180.97.251.173:443
2021-02-21 22:06:3893230f71f7d6f961b29340ed111be2fdVirustotal results 39 / 70 (55.71%) Formbook180.97.251.173:443
2021-02-05 18:08:3238f952ffa3caf6aa34e98a27d553a5b3n/aFormbook193.161.193.99:50232
2021-02-05 18:08:3238f952ffa3caf6aa34e98a27d553a5b3n/aFormbook193.161.193.99:50232
2020-12-29 00:09:295934e6333c7581e6bcf0850aee157c8aVirustotal results 38 / 64 (59.38%) Formbook139.59.23.248:3439
2020-12-29 00:09:295934e6333c7581e6bcf0850aee157c8aVirustotal results 38 / 64 (59.38%) Formbook139.59.23.248:3439
2020-05-03 17:14:31853f6e02c88f2cf9856e568960a07334Virustotal results 46 / 72 (63.89%) FormBook139.28.222.104:443
2020-05-03 17:14:31853f6e02c88f2cf9856e568960a07334Virustotal results 46 / 72 (63.89%) FormBook5.45.71.35:443
2020-05-03 17:14:31853f6e02c88f2cf9856e568960a07334Virustotal results 46 / 72 (63.89%) FormBook139.28.222.104:443
2020-05-03 17:14:31853f6e02c88f2cf9856e568960a07334Virustotal results 46 / 72 (63.89%) FormBook5.45.71.35:443
2018-10-24 12:32:090860842b566151ffbd57a2825ed95a9fVirustotal results 36/67 (53.73%) Formbook54.39.81.120:443
2018-10-24 12:32:090860842b566151ffbd57a2825ed95a9fVirustotal results 36/67 (53.73%) Formbook54.39.81.120:443