formbook

General

Target

c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719.exe
Size

691KB
Sample

230510-mty4zahd3s
MD5

69a954a766983a363e53c19f190aebc6
SHA1

36591fa9afee61d593e88ca045a1eaf11f3f8648
SHA256

c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719
SHA512

ff0a21fb480138e3a7c0f4103fd99c7afdb9f1c428757862cc65f3564e45e86f57cda0c8c41b0fbc7bd1a394caa305fa1980ee3223be6fb1f566e3a3e6153ef0
SSDEEP

12288:zOdVxnu7UEl7LvxsXxs2egQVt5abXceuoVN4SKBbqrAL64kHTULNWBv50S1JS/yd:MVgUElhshs6bXc73SsbbYiWp5HS/y+C3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

- Target
  
  c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719.exe
- Size
  
  691KB
- MD5
  
  69a954a766983a363e53c19f190aebc6
- SHA1
  
  36591fa9afee61d593e88ca045a1eaf11f3f8648
- SHA256
  
  c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719
- SHA512
  
  ff0a21fb480138e3a7c0f4103fd99c7afdb9f1c428757862cc65f3564e45e86f57cda0c8c41b0fbc7bd1a394caa305fa1980ee3223be6fb1f566e3a3e6153ef0
- SSDEEP
  
  12288:zOdVxnu7UEl7LvxsXxs2egQVt5abXceuoVN4SKBbqrAL64kHTULNWBv50S1JS/yd:MVgUElhshs6bXc73SsbbYiWp5HS/y+C3
Score

10^/10

formbook gtt8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2