formbook

General

Target

swift copy of payment MT301.exe
Size

722KB
Sample

230202-lcgb6ahf2w
MD5

6c8861d0c5093645595b3ff9187b6ebe
SHA1

1ee8d66607c82691ef0efc5a1a7d860fc02a23c2
SHA256

802ef9033535b7c8c8b6844eb030ab8fa10f6427d45d5b7f8339f5d89cff1958
SHA512

949694fd0c528b918e85e2a525a23b64006d4387758eae2e3fab1661bcd15883fce5dea06a05cc74902dd093a6a97f7973b87cac53001707cb8a04b955d79d63
SSDEEP

12288:fxKkMtEwcU3gZ+GQzjkATGdsWMQi4DvvH01VNelXWMUJIiwuYSlSrGo/1Sur:ph6AAgZbQzlGvi4DvvUD+XW6MSVAg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  swift copy of payment MT301.exe
- Size
  
  722KB
- MD5
  
  6c8861d0c5093645595b3ff9187b6ebe
- SHA1
  
  1ee8d66607c82691ef0efc5a1a7d860fc02a23c2
- SHA256
  
  802ef9033535b7c8c8b6844eb030ab8fa10f6427d45d5b7f8339f5d89cff1958
- SHA512
  
  949694fd0c528b918e85e2a525a23b64006d4387758eae2e3fab1661bcd15883fce5dea06a05cc74902dd093a6a97f7973b87cac53001707cb8a04b955d79d63
- SSDEEP
  
  12288:fxKkMtEwcU3gZ+GQzjkATGdsWMQi4DvvH01VNelXWMUJIiwuYSlSrGo/1Sur:ph6AAgZbQzlGvi4DvvUD+XW6MSVAg
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2