formbook

General

Target

HavellsNewOrder.exe
Size

699KB
Sample

230507-k1lfcaeh9y
MD5

300d31029b8682f365329877661a178f
SHA1

aafcc7ef5558fc23613b712eb84d527a00d0b301
SHA256

5165efed390a7710ab87e8256f51ec07dbc9b63e8cf55e104a9230530b813cb0
SHA512

33e3df0de9def64289838c135b174e6cc9bee44fd729363a2baed45301a48641d0f0d9b7d64cac4e54dece1fbfc9753a8e277d1219ae73cb318df6d1c4e1f501
SSDEEP

12288:qPKQH/WQn0L3PCy5lukBLuS45UF1U7+QPM2YvzM0hga6zku7f:IKQfWS07Cy5wCLUWU7+Q6vzM0Igur

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

- Target
  
  HavellsNewOrder.exe
- Size
  
  699KB
- MD5
  
  300d31029b8682f365329877661a178f
- SHA1
  
  aafcc7ef5558fc23613b712eb84d527a00d0b301
- SHA256
  
  5165efed390a7710ab87e8256f51ec07dbc9b63e8cf55e104a9230530b813cb0
- SHA512
  
  33e3df0de9def64289838c135b174e6cc9bee44fd729363a2baed45301a48641d0f0d9b7d64cac4e54dece1fbfc9753a8e277d1219ae73cb318df6d1c4e1f501
- SSDEEP
  
  12288:qPKQH/WQn0L3PCy5lukBLuS45UF1U7+QPM2YvzM0hga6zku7f:IKQfWS07Cy5wCLUWU7+Q6vzM0Igur
Score

10^/10

formbook gtt8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2