formbook

General

Target

Request For Price and Availability_PDF____.iso
Size

614KB
Sample

230828-rplqasbf47
MD5

7808b3979d9d45c5d260e9f771050904
SHA1

f31f32c967dac4f9cdc67b4459699d806e36e871
SHA256

725bdff33e272437ebea9f4b775441e7360f0a52193aee1471966c504eabe9f6
SHA512

123c22fa739e3849b57c14a87fc90afe503a74c2350cc378e83535fa218cfb3845b3bac68bb65eddb2168c6b0ed3a68d5b39516bcbca760eb4382f1c463ec7e7
SSDEEP

12288:Sud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Xd+f3BQ6gUGVlrgr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

- Target
  
  Request For Price and Availability_PDF____.exe
- Size
  
  554KB
- MD5
  
  7247c2f218df48a7bd824f33f86b1760
- SHA1
  
  675a63f975c572ce3c761688a8224e80bce90cd0
- SHA256
  
  3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c
- SHA512
  
  4051997473e621298980c0a0e44548f3bd648c70ac79afb10e96ea995570f3754a600aec823abab285dd370b033f8913642316f0c87e7d97b210ee30582ea372
- SSDEEP
  
  12288:8ud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Rd+f3BQ6gUGVlrgr
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2