formbook

General

Target

Halkbank,pdf.rar
Size

584KB
Sample

230125-ml5xjsfg34
MD5

c5419c35b9c20fb07216aaecb7c7fde1
SHA1

aea3b88fd53a750c13f092882972f52aa5461fcc
SHA256

7fa3be6313a31933b762a1eb84a4913ff764c30adebedec0d848d6ff78a9488f
SHA512

b925312adb98ed0d28cba8775cb86bffb4601a10d85d58266f900675d3b4729f8a00a848d7557a3a64fcf2b6deb3700ab3e38b3b4093830f2329c6b2402b22d9
SSDEEP

12288:CvwM5P5suCYj8aoqoD6zeCP4VqCaTO1xyb50J9raYb7rEPI3N41QF:4wM5P5Hlj8zqRwsm1xybCJ9rPbEwK8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  Halkbank,pdf.exe
- Size
  
  748KB
- MD5
  
  3e0ff29b04ce9b6ca93fe26eae5ea271
- SHA1
  
  c9c29504bd24e3c7ac591ec1312e32a9c5623a3f
- SHA256
  
  f79a020cedb43bbd1f4948a2566d081fed934d56f871741d2548f792e8800e7b
- SHA512
  
  3e9e18cd7addfa2b7cf8cfc4ccb5bc7da55ff2951c72456dd57b653e239cbbabc265871da0674a8f9251150b94ba045aa95f2413669dac4163f21fabeb5046f9
- SSDEEP
  
  12288:k9posleqpoUIGApUa0h3hnzEcWjPX8UBhxE1q1feA+rsnKrFEcFXL1GH/h8:kEsMzG9Zhz0rDDxQq1febr
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2