formbook | 7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d | Triage

Sharing

General

Target

7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d
Size

629KB
Sample

220125-yhdvfadfgl
MD5

d1ff53179fc224c47993ff3232cab612
SHA1

164929ea7e6b82b8e24d1b0e2745ecb0ef770e79
SHA256

7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d
SHA512

da31caab8c7cc7e2bca7d76ec172cadfc6b46d6bc0e8d00d6b378fb146126252bcc6111f3de9cb103a8ef0c4ea587157f917fde178e77d696320e24d241670cd

Score

10^/10

formbook g2fg rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Targets

- Target
  
  7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d
- Size
  
  629KB
- MD5
  
  d1ff53179fc224c47993ff3232cab612
- SHA1
  
  164929ea7e6b82b8e24d1b0e2745ecb0ef770e79
- SHA256
  
  7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d
- SHA512
  
  da31caab8c7cc7e2bca7d76ec172cadfc6b46d6bc0e8d00d6b378fb146126252bcc6111f3de9cb103a8ef0c4ea587157f917fde178e77d696320e24d241670cd
Score

10^/10

formbook g2fg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookg2fgratspywarestealertrojan