formbook

General

Target

f6d83fbf014a5691b35cfe80401ea6cb_JaffaCakes118
Size

239KB
Sample

240417-3xgxvsbd5x
MD5

f6d83fbf014a5691b35cfe80401ea6cb
SHA1

47b40e2d2ec4f38faf97d94ebb481cabb17c908f
SHA256

4873fc7cab19439ccbc5cfffcc818ed55cd682cd5475889c7062476a877438ce
SHA512

66564b36c4fe5eecc029248bac207e017b7dc04a2453c0e87db16c6dd3fd1577661bc0b5eeadc9abb7a911d811b3af01a295e9f26edc4b1c97ecb24f7b95c757
SSDEEP

6144:0LzZ7cUVovWnzoMeJgRLlD9LhHLwsLLUMn3ua/TB:0nZ7bVo+cMeClctMn3ua/TB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w6ya

Decoy

auden-audio.com

zombieodyssey.com

hdpthg.com

toddtechnical.com

njsdgz.com

yieldfarm.world

guardsveirfynews.net

atmamandir.info

eskisehirtostcusu.online

arrozz.net

v99king.win

jaxonboxing.com

morganevans.net

syandeg.com

valleyofplants.com

corsosportorico.com

tak.support

blacktgpc.com

herdpetshop.com

iifkvhns.xyz

Targets

- Target
  
  038159.exe
- Size
  
  251KB
- MD5
  
  f89aeda946171325b3cc41db4e0c7356
- SHA1
  
  83da10df168a7801bef8257fcbdc23bf18f0d15c
- SHA256
  
  5beadd0ecc9f1407dab89746630fddf7362dd00323e6a5e5413a0c286e2ee583
- SHA512
  
  229332eb6bec4208a2eb9055237ee5ac83a9da577ce04f2a0a9bad2c6c113b815ff60876d265f344d10d36d20da3bb4444ef2c8896fe9dc6005bac73a3c902ab
- SSDEEP
  
  6144:wBlL/cYzuovWn9oMSJgRXlD9LhVLwsLXUMn3ua/TY:Cecuo+yMSYlebMn3ua/TY
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jaqxzro.dll
- Size
  
  29KB
- MD5
  
  1e8aa5fcc0f7de7a0836081dd9efff05
- SHA1
  
  48317ef5f587f52fd34b42164dfb893dcde95e1b
- SHA256
  
  5389af7b3d0f5a3496cd2aa538a6ee01fd5a9bd1a8fcf3b9411f4112313d43af
- SHA512
  
  addd27d8923bf5d3f7d87e3eb2f6138d05532aa7c9340fde2f998a84fa87f227b63cd515176940de099d4f8dc46d1ab7467f4e347e266d0ef128d7337d79ea16
- SSDEEP
  
  384:IcOhNOWCf3iUgfews69swci/+9YFmtgqQzZQFORdP2NG6zZHZD24mYfVSUB+V6G4:DC9szi/MeqQqgRd2pZMbwjGANT5
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4