formbook

General

Target

18d55e644d97c47a387dbe93e74a41ca
Size

1.1MB
Sample

231224-2928wschf5
MD5

18d55e644d97c47a387dbe93e74a41ca
SHA1

34a88212b920a763cde05ba5e3e28b168f89cd55
SHA256

c78b8b110d575fc2ec594bbc1731b361cc17342ebdb29bb03df1d87d9342eac9
SHA512

187f13a1f60ed0b77a041f0c20157189be3d9fed13271d69eebfe85a46129659beae51808124599f2028ee51136d35f9f10eb15b8814d69842c40c18bc6584d2
SSDEEP

12288:Wej3xCGRiOQKL4PHCpG86IEGbHYhA+LUc1P+X4dBJGF7ldUdgl12nt+EW1:vj34Rh0HYhh4c1P+wB8tImH2t+EW1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jdkn

Decoy

salkblend.com

theourworld.foundation

microsoftofficeweb.com

7mi3.com

eltoncastee.com

threeingredientcocktails.com

vibecity.online

moka-s.com

mezo-meats.com

goldbarrbrand.com

pildoreando.com

pbqjm.com

xiaoshuhr.com

gaythemedfilm.club

fuckedupforpay.com

realengolife.com

vstarnailsandspa.com

bodurm.com

alphaden.club

sanatanies.com

Targets

- Target
  
  18d55e644d97c47a387dbe93e74a41ca
- Size
  
  1.1MB
- MD5
  
  18d55e644d97c47a387dbe93e74a41ca
- SHA1
  
  34a88212b920a763cde05ba5e3e28b168f89cd55
- SHA256
  
  c78b8b110d575fc2ec594bbc1731b361cc17342ebdb29bb03df1d87d9342eac9
- SHA512
  
  187f13a1f60ed0b77a041f0c20157189be3d9fed13271d69eebfe85a46129659beae51808124599f2028ee51136d35f9f10eb15b8814d69842c40c18bc6584d2
- SSDEEP
  
  12288:Wej3xCGRiOQKL4PHCpG86IEGbHYhA+LUc1P+X4dBJGF7ldUdgl12nt+EW1:vj34Rh0HYhh4c1P+wB8tImH2t+EW1
Score

10^/10

formbook jdkn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2