formbook

General

Target

f879151d14408867cb744693d593d927_JaffaCakes118
Size

309KB
Sample

240418-wd21csag26
MD5

f879151d14408867cb744693d593d927
SHA1

c79d22f6a4f703c69488518a3ca017d54e5fcb6b
SHA256

4717b1585971b702c8e32e5054b5514dc4e6ed5a5f50434d66f43c79d15354c6
SHA512

c12a8da37ed7d5f85b5439662d571d22d1cd3c587c2951b3dd58c10694cad50e18b5a4acc954feed3de95223e7fe8ffcd88d7ef34456bc786b7f26d4b26c2ef4
SSDEEP

6144:T0qGuscp0XUc6hNj3N3/J2SeeapKrX6ZnBl2+:Txscp0XWLN3R2veBKTp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dd2v

Decoy

jkrqzmeyd.icu

cbluedottvwdshop.com

yhchen.space

premierhealthnwellness.com

szkuyaju.com

harvestmoonloans.net

dadematerial.com

mariaclarahairstudio.com

hwunvy.online

puloutjbmere.com

kossu1989.com

dubbedos.com

ncylis.com

hybrid-sol.com

travelature.com

gracefulcounts.com

66secretgarden.com

eslonyourcell.com

wisersponsorship.com

sepn3.com

Targets

- Target
  
  f879151d14408867cb744693d593d927_JaffaCakes118
- Size
  
  309KB
- MD5
  
  f879151d14408867cb744693d593d927
- SHA1
  
  c79d22f6a4f703c69488518a3ca017d54e5fcb6b
- SHA256
  
  4717b1585971b702c8e32e5054b5514dc4e6ed5a5f50434d66f43c79d15354c6
- SHA512
  
  c12a8da37ed7d5f85b5439662d571d22d1cd3c587c2951b3dd58c10694cad50e18b5a4acc954feed3de95223e7fe8ffcd88d7ef34456bc786b7f26d4b26c2ef4
- SSDEEP
  
  6144:T0qGuscp0XUc6hNj3N3/J2SeeapKrX6ZnBl2+:Txscp0XWLN3R2veBKTp
Score

10^/10

formbook dd2v rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2