formbook

General

Target

80EBE41A19FFD8834F9DAE4CD917CBC45DCCB91814B54BDD1E1B18B638601275
Size

556KB
Sample

230518-cgejpahc87
MD5

5e47683ab23dbde9782bc9a710386287
SHA1

3612484bea280d97954467ddc99cd8130358e6db
SHA256

80ebe41a19ffd8834f9dae4cd917cbc45dccb91814b54bdd1e1b18b638601275
SHA512

ef3988a947bed7b3468a5b947bc629534b4352f14654747ddc99305466a3473ea4021c7c2feea2546d8835a34f121fa91fff5cd0235d3223872ac1deecac28cc
SSDEEP

12288:d1XZw1m0zKgurYRAXwN5HVEcSdp8aemd9999TdO/+oGp9mL8d1E:DXZw1hzKkyPjDtb9dy+o05nE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

- Target
  
  MTEC PURCHASE ORDER.exe
- Size
  
  632KB
- MD5
  
  c05652e4a0a26f32bebadf09b4a5ef1b
- SHA1
  
  afd662c0b711f3fae0357c14117ab4f335ecc164
- SHA256
  
  1ab21622dec3ed837ed83abf3b79689037682a6d24da2c48ffbe12ba022c19ef
- SHA512
  
  547a40f72197183384f3a76012aba46af81edd4ee273bcda39b3a757c3b88cf2a52e9cc5a55b41f852c5b4df07ad9ad45f451b2318dfe0467853f9a67cbc4a7f
- SSDEEP
  
  12288:/Nj5AyKDm0wPguKYJAdYN5HVEc9dS8aemdDceRTCO/MoGn9dpmd3hBhm:/34DhwPhaQsDtoeJtMoOqxPhm
Score

10^/10

formbook gtt8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2