formbook

General

Target

a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118
Size

255KB
Sample

240403-288dhsfg9x
MD5

a9529e72ea3c3b4f0c5dfe1915c17a8a
SHA1

a2f76981ad79f9358a5ac54ed9ae9ecb47a45286
SHA256

9f35623c249226a739c810db0da1b7332b9d98222e9e50c8aaa001edcf505af1
SHA512

4b5323e779f6a0b2f78793004b6c7e8b7bba3be373fc67a9d6471bf95baeb2b38855068c423d49b76ba3fc153a6a100157ad0487230de5471b8de42ab2e152b4
SSDEEP

6144:wBlL/chpgBO5InEpwL/G/HybZfrc0K4/yMAEj8VHmVli:CeDNWnEWjG/SNT3K4ci0Eli

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118
- Size
  
  255KB
- MD5
  
  a9529e72ea3c3b4f0c5dfe1915c17a8a
- SHA1
  
  a2f76981ad79f9358a5ac54ed9ae9ecb47a45286
- SHA256
  
  9f35623c249226a739c810db0da1b7332b9d98222e9e50c8aaa001edcf505af1
- SHA512
  
  4b5323e779f6a0b2f78793004b6c7e8b7bba3be373fc67a9d6471bf95baeb2b38855068c423d49b76ba3fc153a6a100157ad0487230de5471b8de42ab2e152b4
- SSDEEP
  
  6144:wBlL/chpgBO5InEpwL/G/HybZfrc0K4/yMAEj8VHmVli:CeDNWnEWjG/SNT3K4ci0Eli
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/itfd.dll
- Size
  
  42KB
- MD5
  
  af514b31b839ced67c0907a6569e3495
- SHA1
  
  ca1c2fd9e815d695ec163cac2d2feb72fa9b0a00
- SHA256
  
  e5b37e22db2aab4db04417c4b30be841686e2300687d5b3abd8a0456cd144d31
- SHA512
  
  22920f0365435be0961a33009ab1bff010ab5534553bd9d75e9be30ea588c67ea8ac7be936e4759019cb2a7fa6232fbbb4cef516ab54f68396934f383da52055
- SSDEEP
  
  768:0t8W+2zCq7jt8fFhCQcFSOzin3WfMGjny8+XY4PscAigP:0t8uzf7RJQcm3Wl+XY40cTgP
Score

10^/10

formbook rv9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4