formbook

General

Target

e7c0f1c7d8be3a2927c65cbdf4a2f0dd835b4bcf81eea19a00e50d1fc1a191d9
Size

644KB
Sample

230507-jwabvaab9w
MD5

f1af018a2abde6c99bf5804181485dbe
SHA1

752fe437cc1d88f7a7d3726a343485adcd98d4cd
SHA256

e7c0f1c7d8be3a2927c65cbdf4a2f0dd835b4bcf81eea19a00e50d1fc1a191d9
SHA512

65d69213e5bfc0e94dea072a518f784052e2fe59890a2688b886d48130664bb41d95ca07047be42f3eebecd3522651bb377cda9a2f219f6870e0debe79816fde
SSDEEP

12288:uFWVF4zUktye4I80ail1zjOPyxoaEefbpr/ACAv93z7PiOK:u4VS5tn40aI1mP4oFeDpr/+v93XaOK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

- Target
  
  e7c0f1c7d8be3a2927c65cbdf4a2f0dd835b4bcf81eea19a00e50d1fc1a191d9
- Size
  
  644KB
- MD5
  
  f1af018a2abde6c99bf5804181485dbe
- SHA1
  
  752fe437cc1d88f7a7d3726a343485adcd98d4cd
- SHA256
  
  e7c0f1c7d8be3a2927c65cbdf4a2f0dd835b4bcf81eea19a00e50d1fc1a191d9
- SHA512
  
  65d69213e5bfc0e94dea072a518f784052e2fe59890a2688b886d48130664bb41d95ca07047be42f3eebecd3522651bb377cda9a2f219f6870e0debe79816fde
- SSDEEP
  
  12288:uFWVF4zUktye4I80ail1zjOPyxoaEefbpr/ACAv93z7PiOK:u4VS5tn40aI1mP4oFeDpr/+v93XaOK
Score

10^/10

formbook gtt8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2