formbook

General

Target

bbgdf.exe
Size

899KB
Sample

230113-nj7tssge64
MD5

916671cc970dfecedd93b15e9f0283c2
SHA1

8d8f433571fc9ca455420383e0974f5161ee65e4
SHA256

610d8fe0411d6fda8b18984c1a2e5d6477cdb587d506b3e82fa189513a4a53ad
SHA512

a69bd989de0339224669a2cad602b93ce5f479647030e94789d6cd03014ac4a07b7c8bd4387ae3027dac9186343ddef99237731aa7e883491298c1472706b48e
SSDEEP

24576:Bb7gh/uy1RSwp0BWdcqyJ/d6pYd7jPGaVZxWQOp:Bb0h/X3/EWByJ/d6pYxGaVvWPp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sr23

Decoy

permanentstaffing.co.uk

agentecritico.com

alibabas.international

emserviceslimited.com

foodtourmarrakech.com

cossye.com

arrenmorden.com

evensbreeding.com

ig-group.net

bwin6789.com

gift-formula.ru

aaa-arts.com

lovecrust.co.uk

dmiqpnu.com

aarellano.com

kx2386.com

hubersheepequipment.com

goldentrianglecatering.com

libertyguide.info

codilitytech.com

Targets

- Target
  
  bbgdf.exe
- Size
  
  899KB
- MD5
  
  916671cc970dfecedd93b15e9f0283c2
- SHA1
  
  8d8f433571fc9ca455420383e0974f5161ee65e4
- SHA256
  
  610d8fe0411d6fda8b18984c1a2e5d6477cdb587d506b3e82fa189513a4a53ad
- SHA512
  
  a69bd989de0339224669a2cad602b93ce5f479647030e94789d6cd03014ac4a07b7c8bd4387ae3027dac9186343ddef99237731aa7e883491298c1472706b48e
- SSDEEP
  
  24576:Bb7gh/uy1RSwp0BWdcqyJ/d6pYd7jPGaVZxWQOp:Bb0h/X3/EWByJ/d6pYxGaVvWPp
Score

10^/10

formbook sr23 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2