formbook

General

Target

REVISED PURCHASE ORDER.exe
Size

913KB
Sample

230208-ntg15aaa5y
MD5

41ab5bbead147ca7db73d398076e3fd9
SHA1

a0ebaff7957bf8799a03cca6ac70e8231d75eeec
SHA256

686802626b55d584dba9bb97f1a9c6b61cdb1f56ab9362cb57b333109ed3a486
SHA512

9b451126a7d5e90c51b560f6e0f6699741d7d7f32756eb9e05a2d38f6a3bd14ae540781b4d874a0e3db5e4650a588296892a12e09e78fff62cfb414f2ee01b3e
SSDEEP

24576:l1BFwfrxN5IC54TWM/G9PXswdhfi+KOE9udmifzoaAneetX:lSjtgi55cw6+zOQmifze

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  REVISED PURCHASE ORDER.exe
- Size
  
  913KB
- MD5
  
  41ab5bbead147ca7db73d398076e3fd9
- SHA1
  
  a0ebaff7957bf8799a03cca6ac70e8231d75eeec
- SHA256
  
  686802626b55d584dba9bb97f1a9c6b61cdb1f56ab9362cb57b333109ed3a486
- SHA512
  
  9b451126a7d5e90c51b560f6e0f6699741d7d7f32756eb9e05a2d38f6a3bd14ae540781b4d874a0e3db5e4650a588296892a12e09e78fff62cfb414f2ee01b3e
- SSDEEP
  
  24576:l1BFwfrxN5IC54TWM/G9PXswdhfi+KOE9udmifzoaAneetX:lSjtgi55cw6+zOQmifze
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2