formbook

General

Target

d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.zip
Size

227KB
Sample

230310-m1g42ach96
MD5

343336d843591e9045f19fef085b310d
SHA1

120cda05d8717df7f6520489866f4715b4f659c8
SHA256

75cad3b006c75ab9361842884a4937580a3e3cbcbb8e583843e55f934a4ea6d8
SHA512

dc6b995ef4bd759b978f9988783dd1a0ea5ad601492607ec730adc5bec085d0c784b3c4d38370488cc9a3a6cf5d933356176c4746b6042b0be3e7c7ab0d992bd
SSDEEP

6144:GXSvi3QVZ9/pdpdXW+xPgLIsmU2yS1NtMB6xqTpdUqL:S8TvjXW+xPGIsmjHMUxqTpZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gt48

Decoy

flusskiesel.studio

txweiqi.com

bestsnowboardingincolorado.com

aceroyrodio.com

antoniafredrik.se

iskugo.club

lifehightech.com

emotionalsupporthedgehogs.com

911527.com

familyblinn.online

family-doctor-90847.com

importadosjl.shop

arobaz-solutions.com

ibobetgogo.com

trippincreative.com

funnyjokeday.com

doktorhizmeti.xyz

contentteam.co.uk

iyaarirealestate.com

atomikoldschools.com

Targets

- Target
  
  d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.exe
- Size
  
  241KB
- MD5
  
  02eefca081505168a313a927977e02e5
- SHA1
  
  4ff60a4b15d4ed1cc3733676a25b929962d64d4b
- SHA256
  
  d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5
- SHA512
  
  0f8a33342682c1e8a4c3b096c91e26cf9b18d48a28e0eaae2af450e637b3e6a00a075a6fd315ef7737e88a132005877e7af5959240452642ddadefee65ac537e
- SSDEEP
  
  6144:NYa6Juz8BMG9jCpNLw3ODiHVmyfvYUeEu0UIE:NYf5RiNymryfvYUi0UT
Score

10^/10

formbook gt48 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2