formbook

General

Target

SHIPPING DOCUMENTS. 25.23.exe
Size

670KB
Sample

230518-frrhsagg7z
MD5

77783c6f99127280ab5c677c1c96bf7c
SHA1

5327e4ca332aa28267444a12cd692375291a4ce2
SHA256

e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b
SHA512

e134cecc97558e46ee9b26cc1c6a818fd3697360d62a171aa2912900cfbf569a8aedc2de6e466d42f9401f964319af36203c389af46332d40bce2390bed1ef91
SSDEEP

12288:S8RXgHLZIcZI13TZFseMdvkp/TpVMYEVxhe+XbeG7aEGONgLQ:SsAtDmJZTu8ptipSupf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga36

Decoy

700kitchen.com

udda.app

fractionalgc.tech

tipmercados.net

2-upapparel.net

directbookdiscount.com

koewetzeltours.com

d7c8-iuxt.com

hamaancook.com

benjaimnmoore.com

yimaglobal.africa

dispovapo.com

aseguvenlik.com

battery-worth.com

dddanbao.mobi

blueskyauberge.com

740.mobi

betterbonella.com

liverally.club

czubao.com

Targets

- Target
  
  SHIPPING DOCUMENTS. 25.23.exe
- Size
  
  670KB
- MD5
  
  77783c6f99127280ab5c677c1c96bf7c
- SHA1
  
  5327e4ca332aa28267444a12cd692375291a4ce2
- SHA256
  
  e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b
- SHA512
  
  e134cecc97558e46ee9b26cc1c6a818fd3697360d62a171aa2912900cfbf569a8aedc2de6e466d42f9401f964319af36203c389af46332d40bce2390bed1ef91
- SSDEEP
  
  12288:S8RXgHLZIcZI13TZFseMdvkp/TpVMYEVxhe+XbeG7aEGONgLQ:SsAtDmJZTu8ptipSupf
Score

10^/10

formbook ga36 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2