formbook

General

Target

SKMBT-283202109080.pdf.exe
Size

570KB
Sample

230214-k24y3scb86
MD5

1b2504eaa55097312bfb5e80d81cf897
SHA1

7c58194fdc6db2123a9f90cb0b921a1859158fbe
SHA256

2fb0a24e905687a5443fbe50d21033e4318da3275260bd82d016a9af346bb09b
SHA512

acf0d7dd8b019d69b6d749ba01ec5a37c4b59fe7e8dd3d8458114d093ad364e6e637500ee15688f58f393458b9f7bb9bac3d160e495d8a171992486dc5ad2184
SSDEEP

12288:EVFFZ6qCmhX6OibPBNXB2Fx2JUkcLtRosYEykcvjSCCMO6apu:i63mlSjmqUkOtusYjkcY1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  SKMBT-283202109080.pdf.exe
- Size
  
  570KB
- MD5
  
  1b2504eaa55097312bfb5e80d81cf897
- SHA1
  
  7c58194fdc6db2123a9f90cb0b921a1859158fbe
- SHA256
  
  2fb0a24e905687a5443fbe50d21033e4318da3275260bd82d016a9af346bb09b
- SHA512
  
  acf0d7dd8b019d69b6d749ba01ec5a37c4b59fe7e8dd3d8458114d093ad364e6e637500ee15688f58f393458b9f7bb9bac3d160e495d8a171992486dc5ad2184
- SSDEEP
  
  12288:EVFFZ6qCmhX6OibPBNXB2Fx2JUkcLtRosYEykcvjSCCMO6apu:i63mlSjmqUkOtusYjkcY1
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2