formbook

General

Target

SecuriteInfo.com.Trojan.DownLoaderNET.710.3447.5929.exe
Size

554KB
Sample

230828-1fwnksbb3w
MD5

7247c2f218df48a7bd824f33f86b1760
SHA1

675a63f975c572ce3c761688a8224e80bce90cd0
SHA256

3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c
SHA512

4051997473e621298980c0a0e44548f3bd648c70ac79afb10e96ea995570f3754a600aec823abab285dd370b033f8913642316f0c87e7d97b210ee30582ea372
SSDEEP

12288:8ud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Rd+f3BQ6gUGVlrgr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownLoaderNET.710.3447.5929.exe
- Size
  
  554KB
- MD5
  
  7247c2f218df48a7bd824f33f86b1760
- SHA1
  
  675a63f975c572ce3c761688a8224e80bce90cd0
- SHA256
  
  3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c
- SHA512
  
  4051997473e621298980c0a0e44548f3bd648c70ac79afb10e96ea995570f3754a600aec823abab285dd370b033f8913642316f0c87e7d97b210ee30582ea372
- SSDEEP
  
  12288:8ud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Rd+f3BQ6gUGVlrgr
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2