formbook

General

Target

Payment Advice - Advice Ref[A1STthKVCJAQ ACH credits Customer Ref AP2210 C15 Second Party _PDF_.iso
Size

694KB
Sample

230829-sh1rbagc2z
MD5

a154e367175f76f4e2e33f1276f0f2b7
SHA1

e38c3d72a6fd4af18915d4bd35e528fb607f6d04
SHA256

b179b72aa730c69939026708ab2732122d2fbcf5e0412abc15d2b5bdb84840b0
SHA512

7e41a62b361cf59b1c19ff1a814fd03ebdee12e23e6eadb3253dbb0317f272bd65f1165f846f21e7caec9bf3235fe30d46a870fb10bd3e7ac9b4f1fc77ba95cb
SSDEEP

12288:rBDoCUhRcOJ5cmu6nwpbrK8uo7SgJvzqYDc7bdQw90ETfNx24l7tWQssgRHQt5:Vx5yBnA+oWgJvzxc7i7ENx7RMRHQt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

- Target
  
  Payment Advice - Advice Ref[A1STthKVCJAQ ACH credits Customer Ref AP2210 C15 Second Party _PDF_.exe
- Size
  
  632KB
- MD5
  
  db8ac3b23fae106a86eb646f297e3f5c
- SHA1
  
  2b1c72305279bd7cef63b24ad08e28434b21db41
- SHA256
  
  946c1319c6a08e50e191cc56cac6895bfac47b2e766901a8714251f40a06bdff
- SHA512
  
  bea9418e6f5e39019b05b84899652ed455a805e863caa3e3986fef26c47e6fb9a1b365d2388ff61424b3241f8e5847d3e8bfc46c3190f35a49c5abe25242eeaa
- SSDEEP
  
  12288:8BDoCUhRcOJ5cmu6nwpbrK8uo7SgJvzqYDc7bdQw90ETfNx24l7tWQssgRHQt5:gx5yBnA+oWgJvzxc7i7ENx7RMRHQt
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2