formbook

General

Target

9867dc4c4aad89a47aa9fcdc726b5296dac1a3150520140e6d7da4836448d970
Size

968KB
Sample

230608-myz7tsfb3w
MD5

31b4c9a8410d02e19dfd38ac81944b90
SHA1

3196a4fa70bae053fa9c4aabb34eef6d6c8d1516
SHA256

9867dc4c4aad89a47aa9fcdc726b5296dac1a3150520140e6d7da4836448d970
SHA512

8b15ecce9f6efb4c22a34cf4d0b58b2da3b25f73e3ec0794959c111582902f1386de73eb01bc84ae83fdee195600f1f5363a4e711e230dcd8fa11acd07a0c541
SSDEEP

24576:ddeb8P0iW3NMWVp+0w1Nj2dglxwmEgwF96fk:rP0iAiWP+0wDggsmEgmqk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg04

Decoy

clothandsoulfabricllc.com

kx1336.com

4638.global

fixlaunchcredtunionmemb.online

indivexport.com

betuluzun.online

colossusboutique.com

hgcst.com

authorizer.online

hong-travel.com

globalwealthstrategiesco.com

fobberq.com

tribally.net

cook-a.com

todipjane.africa

membershipexams.africa

3dseal.online

abris-spb.ru

mkkkkk.net

chargecentral.store

Targets

- Target
  
  9867dc4c4aad89a47aa9fcdc726b5296dac1a3150520140e6d7da4836448d970
- Size
  
  968KB
- MD5
  
  31b4c9a8410d02e19dfd38ac81944b90
- SHA1
  
  3196a4fa70bae053fa9c4aabb34eef6d6c8d1516
- SHA256
  
  9867dc4c4aad89a47aa9fcdc726b5296dac1a3150520140e6d7da4836448d970
- SHA512
  
  8b15ecce9f6efb4c22a34cf4d0b58b2da3b25f73e3ec0794959c111582902f1386de73eb01bc84ae83fdee195600f1f5363a4e711e230dcd8fa11acd07a0c541
- SSDEEP
  
  24576:ddeb8P0iW3NMWVp+0w1Nj2dglxwmEgwF96fk:rP0iAiWP+0wDggsmEgmqk
Score

10^/10

formbook gg04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2