formbook

General

Target

DSX_AIR_.EXE
Size

764KB
Sample

230125-ltx18shc8v
MD5

2a7e5440b5fb19ba09cfcce1afe85e0f
SHA1

122b7e5c3496c9e7ff528ae800526876c090050d
SHA256

dc0f8440e9ae92761e5e833b22c2448fb0f2900f9a184e823b299c74db5c1085
SHA512

2d313577170221cbf9bb6dd0439f76506c3a4d0d88370af8b350363748953d01847906c0e04c1c09d3e7f2500cb648ee7a21167bcafd0fbe278e2bf700a92ac2
SSDEEP

12288:Ut4gOMtEwcU3gZ+GQzjkATGdszyZtHZlCmWhrjKYQDJxuv64GEabMhwHJ7GPzlfK:uRO6AAgZbQzlGIyZFggDJKES2J7GPzly

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  DSX_AIR_.EXE
- Size
  
  764KB
- MD5
  
  2a7e5440b5fb19ba09cfcce1afe85e0f
- SHA1
  
  122b7e5c3496c9e7ff528ae800526876c090050d
- SHA256
  
  dc0f8440e9ae92761e5e833b22c2448fb0f2900f9a184e823b299c74db5c1085
- SHA512
  
  2d313577170221cbf9bb6dd0439f76506c3a4d0d88370af8b350363748953d01847906c0e04c1c09d3e7f2500cb648ee7a21167bcafd0fbe278e2bf700a92ac2
- SSDEEP
  
  12288:Ut4gOMtEwcU3gZ+GQzjkATGdszyZtHZlCmWhrjKYQDJxuv64GEabMhwHJ7GPzlfK:uRO6AAgZbQzlGIyZFggDJKES2J7GPzly
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2