formbook

General

Target

140c67ee8edcfc2c04ea4312e95f80e0_JaffaCakes118
Size

252KB
Sample

240329-ay5fbsdd86
MD5

140c67ee8edcfc2c04ea4312e95f80e0
SHA1

6bed70dbf578dbb8befc44987ad8b5784a5dafb0
SHA256

299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
SHA512

0b2c4a2cc7acce08738e30dd4616f4a32fc187042ffb0c9b8412dad56ee702fedc22581149d8eab6cf3e1da9953f698ca8053757a1daebeedd0087b596c27479
SSDEEP

6144:3lBfxXRVUCFo7xHJ7SmvHRVz4JmDlbiwv:33VUCFotHJ7SwnzHpl

Score

10^/10

formbook pe rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.6

Campaign

pe

Decoy

ilikeshoping.com

websitetestingservices.com

tantradesoie.com

narcissistory.com

fapgame.net

iryrv.info

contextre.com

mosala24.com

alienpokeragent.com

lqjwq.com

musica.solar

tipsatransporte.com

kawanparjo.com

onsideadvisers.com

rpwfj.com

9ldhh.info

dancewithsalsadivina.com

resurfjeans.online

smoke-cicle.com

battery365.net

Targets

- Target
  
  140c67ee8edcfc2c04ea4312e95f80e0_JaffaCakes118
- Size
  
  252KB
- MD5
  
  140c67ee8edcfc2c04ea4312e95f80e0
- SHA1
  
  6bed70dbf578dbb8befc44987ad8b5784a5dafb0
- SHA256
  
  299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
- SHA512
  
  0b2c4a2cc7acce08738e30dd4616f4a32fc187042ffb0c9b8412dad56ee702fedc22581149d8eab6cf3e1da9953f698ca8053757a1daebeedd0087b596c27479
- SSDEEP
  
  6144:3lBfxXRVUCFo7xHJ7SmvHRVz4JmDlbiwv:33VUCFotHJ7SwnzHpl
Score

10^/10

formbook pe rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2