formbook

General

Target

SecuriteInfo.com.Trojan.Packed2.45620.17921.20264.exe
Size

632KB
Sample

230829-1g2afsbb61
MD5

db8ac3b23fae106a86eb646f297e3f5c
SHA1

2b1c72305279bd7cef63b24ad08e28434b21db41
SHA256

946c1319c6a08e50e191cc56cac6895bfac47b2e766901a8714251f40a06bdff
SHA512

bea9418e6f5e39019b05b84899652ed455a805e863caa3e3986fef26c47e6fb9a1b365d2388ff61424b3241f8e5847d3e8bfc46c3190f35a49c5abe25242eeaa
SSDEEP

12288:8BDoCUhRcOJ5cmu6nwpbrK8uo7SgJvzqYDc7bdQw90ETfNx24l7tWQssgRHQt5:gx5yBnA+oWgJvzxc7i7ENx7RMRHQt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

- Target
  
  SecuriteInfo.com.Trojan.Packed2.45620.17921.20264.exe
- Size
  
  632KB
- MD5
  
  db8ac3b23fae106a86eb646f297e3f5c
- SHA1
  
  2b1c72305279bd7cef63b24ad08e28434b21db41
- SHA256
  
  946c1319c6a08e50e191cc56cac6895bfac47b2e766901a8714251f40a06bdff
- SHA512
  
  bea9418e6f5e39019b05b84899652ed455a805e863caa3e3986fef26c47e6fb9a1b365d2388ff61424b3241f8e5847d3e8bfc46c3190f35a49c5abe25242eeaa
- SSDEEP
  
  12288:8BDoCUhRcOJ5cmu6nwpbrK8uo7SgJvzqYDc7bdQw90ETfNx24l7tWQssgRHQt5:gx5yBnA+oWgJvzxc7i7ENx7RMRHQt
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2