formbook | 338accbef5eae04d0d42f9dbe6de252f622e1743e872f09db964b9b2877ccbfc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

977c08465156ce304148addf3ded1f95.bin
Size

648KB
Sample

230206-lpf7xsge7s
MD5

90102de99241c972197e7ed3fbc15cd2
SHA1

55397efadd8490bbd6890a171e0d553d633915fe
SHA256

338accbef5eae04d0d42f9dbe6de252f622e1743e872f09db964b9b2877ccbfc
SHA512

d9cc33a9e3c15d221d887602330e843f128f24554b49a506257c214fc207bb747f92dd3a44923b4b089ae4068a106894489394b16bf80920e7a9ef5a19290b1f
SSDEEP

12288:EKzWjRPB+MRfH80P+UHeDQV6YLUBzMU+Cqc22rlyZsqnG:zmBrZ8uHqfzKCi2rQG

Score

10^/10

formbook g2fg rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Targets

- Target
  
  b3938532376b8d895ba266de98386155798e984764ea778c43a842a3124ccfde.exe
- Size
  
  839KB
- MD5
  
  977c08465156ce304148addf3ded1f95
- SHA1
  
  129c499bd4480a940c781c527b246bab9f5a5c8b
- SHA256
  
  b3938532376b8d895ba266de98386155798e984764ea778c43a842a3124ccfde
- SHA512
  
  853a20248c284f991027d3e88fde5d5c5831d9511d8e39017830d0eced1bc6d55c236ca0b6c20ce489beec03f7b05dec8d6457903a1438fce0b17d8c05cc2101
- SSDEEP
  
  12288:eNhefaqG4yPaLrDYEVz4gqBGfLoRD+QqfR91lq6Fy2Mxzo3:ebeSqG4yPaLrDY/ELo1KJlq6F0xM
Score

10^/10

formbook g2fg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookg2fgratspywarestealertrojan