formbook

General

Target

5aba30b8afa29acf7f0f41f57a4d3ff06c4eca3b2d419af939c8454a36b896cb
Size

690KB
Sample

221130-wfeylseg7z
MD5

73adcf50af6c81fde794641905ccd684
SHA1

3110cd16fd15090a7504dd6f0d743a70e55fe730
SHA256

5aba30b8afa29acf7f0f41f57a4d3ff06c4eca3b2d419af939c8454a36b896cb
SHA512

2dd7f2a4c3684b0aa3fb6a955548bd27cc52bb4a63832d461b5dbbab7413944c4672a5d8bdff465c3da22775c67329b4e703915ae3d952f04b7ec22d2075a90f
SSDEEP

12288:PzekXkQy/ofowC4QmK5T74B6ZJl+dtFPH+XEaoApCJWX0HSx548:rQgpVK5T74B6Zn+tPe7Xp8WX0yxN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtl

Decoy

45687g.net

graveimport.com

bulldogsgear.com

service-support.email

uhzcflg.icu

zebradefensefund.com

make10xhappen.com

ecotegral.online

stillatwink.site

onwardatlanta.com

real-optionstheory.com

madbearcustomwoodworking.com

adelinekaczmarek.com

elia-lca.com

tinykreations.com

rawlinsrealty.info

ubcholdings.com

searko.com

lepinedoree.com

fundsrecoveryexperts.com

Targets

- Target
  
  5aba30b8afa29acf7f0f41f57a4d3ff06c4eca3b2d419af939c8454a36b896cb
- Size
  
  690KB
- MD5
  
  73adcf50af6c81fde794641905ccd684
- SHA1
  
  3110cd16fd15090a7504dd6f0d743a70e55fe730
- SHA256
  
  5aba30b8afa29acf7f0f41f57a4d3ff06c4eca3b2d419af939c8454a36b896cb
- SHA512
  
  2dd7f2a4c3684b0aa3fb6a955548bd27cc52bb4a63832d461b5dbbab7413944c4672a5d8bdff465c3da22775c67329b4e703915ae3d952f04b7ec22d2075a90f
- SSDEEP
  
  12288:PzekXkQy/ofowC4QmK5T74B6ZJl+dtFPH+XEaoApCJWX0HSx548:rQgpVK5T74B6Zn+tPe7Xp8WX0yxN
Score

10^/10

formbook gtl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2