formbook

General

Target

7247c2f218df48a7bd824f33f86b1760.bin
Size

530KB
Sample

230830-b9rt2shb32
MD5

0555092939dea932b118100aa4cf249b
SHA1

bd533816a0e9b58f5c76b5c9aecf1cb399da464a
SHA256

e33da15a7c34d73affd743ac0249d3b2456899c90f6e6966318d21056b9d3645
SHA512

6bcbfce20a51bc92aa23271afb68becb44ab73a9ea5a0f6dfec16cb4c5945b231b2bd6323ad5ec6505867e991d718867570d31d766abbcf0f689ef05ad3fb008
SSDEEP

12288:wTYwemRZ1Sa5pBK4sJd2pG5YK1tS6Lq+Wi1+9dXF5cj6lzY:wkw7f02vsJ8K1tS6L7T1+9D5cjKY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

- Target
  
  3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c.exe
- Size
  
  554KB
- MD5
  
  7247c2f218df48a7bd824f33f86b1760
- SHA1
  
  675a63f975c572ce3c761688a8224e80bce90cd0
- SHA256
  
  3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c
- SHA512
  
  4051997473e621298980c0a0e44548f3bd648c70ac79afb10e96ea995570f3754a600aec823abab285dd370b033f8913642316f0c87e7d97b210ee30582ea372
- SSDEEP
  
  12288:8ud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Rd+f3BQ6gUGVlrgr
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2