formbook

General

Target

801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf
Size

818KB
Sample

230507-efr5haed2t
MD5

42145d737de41409248b1b698e7320fe
SHA1

05c8528ae0606f011d387faeabedf38736e88b79
SHA256

801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf
SHA512

f35bb2ed6d188ff2e0253bc71973643631b2c2e8fd63169c2962296b8b74da1909e6d07985c30c3f210c82ba6cd91a43d889b7799b7006a1357d7897d5306594
SSDEEP

12288:hhQCXBYvREMuQwOgcovsQACLnwo9laT472sUkhYRgCSa9isg7GUxYJ:dYv0QgcoUQJLnzoTyRh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

- Target
  
  801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf
- Size
  
  818KB
- MD5
  
  42145d737de41409248b1b698e7320fe
- SHA1
  
  05c8528ae0606f011d387faeabedf38736e88b79
- SHA256
  
  801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf
- SHA512
  
  f35bb2ed6d188ff2e0253bc71973643631b2c2e8fd63169c2962296b8b74da1909e6d07985c30c3f210c82ba6cd91a43d889b7799b7006a1357d7897d5306594
- SSDEEP
  
  12288:hhQCXBYvREMuQwOgcovsQACLnwo9laT472sUkhYRgCSa9isg7GUxYJ:dYv0QgcoUQJLnzoTyRh
Score

10^/10

formbook gtt8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2