formbook

General

Target

301a4df4f0d5f945e5f5d75ae82d4b9e_JaffaCakes118
Size

584KB
Sample

240330-bmbvbaee29
MD5

301a4df4f0d5f945e5f5d75ae82d4b9e
SHA1

1a4cef4c3cfbfdc52c726bb1887ae84e09c61d88
SHA256

22a5161a4d95e737100936f93042049719d13a8437d751c22ad485ed51ee7c96
SHA512

a02ab80cca04e59330a99fbf6c4a95a6199a722733e42a07e6fb3bad74fd5c3b02bf63971b750833ee8f4b7a81826e103499635d916bf0d0fc05024b8cff906e
SSDEEP

6144:++6MFohvg6u6Uqrlcv1Y5al1g0VgEyW0ocS8ZF5UWX4zdTV+M2QJaPDZxgBj8lLS:6hvJUfv00gEygcS+XJkdV9HzBjYLUW0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hht8

Decoy

chenghuaikj.com

lovegames.site

namalon.com

ltxxiu.com

yaotiaoshiguang.top

serversshipping.com

animationwageshare.com

rh-et.com

cutepets1.com

chantforpeace.com

techmazakatta.com

amoorelive.com

bisexualnft.com

k5truckingexpress.com

6e1eturzmu9ustbnrfe2404.com

allday.coach

prettyrisque.com

stripeer.com

ktranspass.com

salinibros.com

Targets

- Target
  
  301a4df4f0d5f945e5f5d75ae82d4b9e_JaffaCakes118
- Size
  
  584KB
- MD5
  
  301a4df4f0d5f945e5f5d75ae82d4b9e
- SHA1
  
  1a4cef4c3cfbfdc52c726bb1887ae84e09c61d88
- SHA256
  
  22a5161a4d95e737100936f93042049719d13a8437d751c22ad485ed51ee7c96
- SHA512
  
  a02ab80cca04e59330a99fbf6c4a95a6199a722733e42a07e6fb3bad74fd5c3b02bf63971b750833ee8f4b7a81826e103499635d916bf0d0fc05024b8cff906e
- SSDEEP
  
  6144:++6MFohvg6u6Uqrlcv1Y5al1g0VgEyW0ocS8ZF5UWX4zdTV+M2QJaPDZxgBj8lLS:6hvJUfv00gEygcS+XJkdV9HzBjYLUW0
Score

10^/10

formbook hht8 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2