formbook

General

Target

20516c4fdd5362027e7383befed47ed7_JaffaCakes118
Size

251KB
Sample

240329-m436nsfd2t
MD5

20516c4fdd5362027e7383befed47ed7
SHA1

3e58bfa088d92fad5b748723e9e5efde54ab3f99
SHA256

19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
SHA512

f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071
SSDEEP

6144:wBlL/cZDa0KovsPeZFzD82T2x53/tc2VfM7jZm:CeorZmPn82T2xFtcCfM7j0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  20516c4fdd5362027e7383befed47ed7_JaffaCakes118
- Size
  
  251KB
- MD5
  
  20516c4fdd5362027e7383befed47ed7
- SHA1
  
  3e58bfa088d92fad5b748723e9e5efde54ab3f99
- SHA256
  
  19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
- SHA512
  
  f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071
- SSDEEP
  
  6144:wBlL/cZDa0KovsPeZFzD82T2x53/tc2VfM7jZm:CeorZmPn82T2xFtcCfM7j0
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/vmmein.dll
- Size
  
  35KB
- MD5
  
  82db187a22da883f403c64b9eca9eea0
- SHA1
  
  c0bd3fa3bb7116eb50fa593b7d5a40751c6092d3
- SHA256
  
  2add9d3b455a4fcc5b18bc64bf5c798761792db3c0b4124ce40ff4283d7d23b2
- SHA512
  
  7d6c35c546167eddf07296016f29dcfc10c6431f5d05bfe987289254c642665bf1fc0477ca356c501aa16fc5577a37b1f104aaab5b2eef8f21beb72f5c075fca
- SSDEEP
  
  384:cd6LrnOdRSwnijvf1UyqhWd2kFmMW3JNF6YGrUJx/wfZR:OoKdlnijv9DXd2kQMW3JNF6YGrmRwR
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4