formbook

General

Target

ORDER#KG23AG007_JUNE2023_SHYAM_GRSOUP_IND.exe
Size

318KB
Sample

230623-hfr2aacg94
MD5

7747a48635cb9f24aebd42ad05fcde93
SHA1

165a095cdb3c9b0591d04efb2ab8caecebbc667a
SHA256

c751b1369af3d6c58b101c6605dee97559f910f23c009cc41ddff70c0ab06a0f
SHA512

72942bebb56793385b73e22b3e870b1db40231792b5142d6b2098b6b5067b8e451e113b010b595a704d633f4cd246adf98f653529956db5ad18d0269bbc8610b
SSDEEP

6144:BYa6xMRpovPU7YD0MPQGndKuRFXro+r9LLR8uKB5Wgp2:BY7wKt0MBdlrt5nRHKB5R2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

christinegnigler.com

shukydeco.com

yuncaibg.com

eikjjs.cloud

cautamhouri.xyz

furtkagrsets.xyz

zhaoshang0197.shop

maraduncan.autos

aircleanlimited.com

simplificandotdah.com

ggs-1126.cyou

6848us.com

g1fx2.xyz

earnmoneyhelper.com

mbh123.xyz

1803734.com

blur-x-proof.xyz

dfwbusinessconnection.com

clubbeyyresorthotel.com

iittzz.com

Targets

- Target
  
  ORDER#KG23AG007_JUNE2023_SHYAM_GRSOUP_IND.exe
- Size
  
  318KB
- MD5
  
  7747a48635cb9f24aebd42ad05fcde93
- SHA1
  
  165a095cdb3c9b0591d04efb2ab8caecebbc667a
- SHA256
  
  c751b1369af3d6c58b101c6605dee97559f910f23c009cc41ddff70c0ab06a0f
- SHA512
  
  72942bebb56793385b73e22b3e870b1db40231792b5142d6b2098b6b5067b8e451e113b010b595a704d633f4cd246adf98f653529956db5ad18d0269bbc8610b
- SSDEEP
  
  6144:BYa6xMRpovPU7YD0MPQGndKuRFXro+r9LLR8uKB5Wgp2:BY7wKt0MBdlrt5nRHKB5R2
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2