formbook

General

Target

28e013c2654f47916f1a62cf09308cad_JaffaCakes118
Size

249KB
Sample

240329-wjfz3seb9w
MD5

28e013c2654f47916f1a62cf09308cad
SHA1

fa785ccc69ec30254ee9b81f87dca6764350075e
SHA256

fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78
SHA512

69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca
SSDEEP

6144:wBlL/c+xnpzVsgv3OOhxYwdrgR83DE+KO30Zo+zK:Ce+xnd3NxYwVgR2DE+uZ5m

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  28e013c2654f47916f1a62cf09308cad_JaffaCakes118
- Size
  
  249KB
- MD5
  
  28e013c2654f47916f1a62cf09308cad
- SHA1
  
  fa785ccc69ec30254ee9b81f87dca6764350075e
- SHA256
  
  fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78
- SHA512
  
  69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca
- SSDEEP
  
  6144:wBlL/c+xnpzVsgv3OOhxYwdrgR83DE+KO30Zo+zK:Ce+xnd3NxYwVgR2DE+uZ5m
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/yzwbonbom.dll
- Size
  
  28KB
- MD5
  
  8b7c957c4a8ddf81d0ebb46d55054e1e
- SHA1
  
  6a17d7bf1915a1ccdfa39227a10fa443400af774
- SHA256
  
  1eaf128b2888192f6659cc7c70aa0db515057449f873f40e0fd3a3cd6a8105b0
- SHA512
  
  a6579a5c8a1f26b786cd29823d0106f0b876df41256b3c21fa5d7a041c3a696b62ae87dcd0fd1336240c82bce37ae7e0ecefbf8dbb6d57c57aeaf3e399f7b2e3
- SSDEEP
  
  768:reFQaNZMJyCAfbZjL46zh/DaorbG/9DdQF5M27z:ED9bZjDooPG1DdMDf
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4