formbook

General

Target

28e0a297c93023d0ad2d296b214598b5_JaffaCakes118
Size

513KB
Sample

240329-wjkchaeg78
MD5

28e0a297c93023d0ad2d296b214598b5
SHA1

ef10cbec56dc28cba963887050738501419306e6
SHA256

cce2edbec8676315b05ba2e2dda2feb9190edb5f217b9824ae58b40a770924fe
SHA512

f5f78b83a50a90d4f35208522c7baf30685dd755ecdc78c9245ca7d94643b85797b4041282dd9655a0cc4bc8032211203b1c452999c3ab0ab74b06751211b1c5
SSDEEP

12288:xUi2iN3WaGC7ZBbAOSZMEwYHaCRUyt/Vkdna/hPZB:xUi1oaFqZMtq/adKhPZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d7ln

Decoy

bulut-imza.com

gotastebuds.com

shutupmags.com

clocksport.com

toweryachtcounsel.com

kingcopier.com

pluspersona.com

inchallahe.com

unclonedconsulting.com

ccdt168.com

tonyzheng.xyz

voiceoftheepeople.com

cicapital.xyz

offxpro.com

loyatiproductions.com

makemebuystuff.com

incuba8labs.com

remparka.com

newstft.com

bgame.pro

Targets

- Target
  
  28e0a297c93023d0ad2d296b214598b5_JaffaCakes118
- Size
  
  513KB
- MD5
  
  28e0a297c93023d0ad2d296b214598b5
- SHA1
  
  ef10cbec56dc28cba963887050738501419306e6
- SHA256
  
  cce2edbec8676315b05ba2e2dda2feb9190edb5f217b9824ae58b40a770924fe
- SHA512
  
  f5f78b83a50a90d4f35208522c7baf30685dd755ecdc78c9245ca7d94643b85797b4041282dd9655a0cc4bc8032211203b1c452999c3ab0ab74b06751211b1c5
- SSDEEP
  
  12288:xUi2iN3WaGC7ZBbAOSZMEwYHaCRUyt/Vkdna/hPZB:xUi1oaFqZMtq/adKhPZ
Score

10^/10

formbook d7ln rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2