formbook

General

Target

Original Shipping documents.rar
Size

734KB
Sample

230208-rlpyjsbe64
MD5

8cc95a29b5fadc04975ccf048bdb2972
SHA1

506f69d37e7a84f61a86f2ae6a49f4f51553404c
SHA256

9453f03883b60dbbaa033c3529dcf915e2ad8e01939913092f0b64938f2eaf12
SHA512

85f2b01c31df16a71b3d1365ad258eb654467770a4df804c475b6c753f1974bfb29172f713c8c6e4418fc09a019afdffa7b02d567a732fe58b927c27c0e31588
SSDEEP

12288:VCuJYPwp4at2d+vqIvs8VhTznwALh6jQKN2Ksea+RuTt8o:3US4a3vLs8VhTkt8KseawuTd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  Original Shipping documents.exe
- Size
  
  785KB
- MD5
  
  d511e5a0e42309e6148b3e7f6b9e5bcf
- SHA1
  
  858aade78f8463bca167656c81022f20a7535fb9
- SHA256
  
  342215db36f2fa15a4b72d54cb4e7a7179462dcaab9dc9f791336df867d6d286
- SHA512
  
  ea71544cdc672051dd8b04fb5ec08853fd2c04994b93a1fc1d61f5efcd2a18ac63f01dd9fb64a398eac1e701762aff019886a2baebf971ec4be4aee4b8ea381d
- SSDEEP
  
  24576:IrxN5IC54TWMnp74YTKza8D7ajPhVoo6dlSA:Etgim8QeLmPIvdn
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2