formbook

General

Target

f89aeda946171325b3cc41db4e0c7356_JaffaCakes118
Size

251KB
Sample

240418-x58gwscg36
MD5

f89aeda946171325b3cc41db4e0c7356
SHA1

83da10df168a7801bef8257fcbdc23bf18f0d15c
SHA256

5beadd0ecc9f1407dab89746630fddf7362dd00323e6a5e5413a0c286e2ee583
SHA512

229332eb6bec4208a2eb9055237ee5ac83a9da577ce04f2a0a9bad2c6c113b815ff60876d265f344d10d36d20da3bb4444ef2c8896fe9dc6005bac73a3c902ab
SSDEEP

6144:wBlL/cYzuovWn9oMSJgRXlD9LhVLwsLXUMn3ua/TY:Cecuo+yMSYlebMn3ua/TY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w6ya

Decoy

auden-audio.com

zombieodyssey.com

hdpthg.com

toddtechnical.com

njsdgz.com

yieldfarm.world

guardsveirfynews.net

atmamandir.info

eskisehirtostcusu.online

arrozz.net

v99king.win

jaxonboxing.com

morganevans.net

syandeg.com

valleyofplants.com

corsosportorico.com

tak.support

blacktgpc.com

herdpetshop.com

iifkvhns.xyz

Targets

- Target
  
  f89aeda946171325b3cc41db4e0c7356_JaffaCakes118
- Size
  
  251KB
- MD5
  
  f89aeda946171325b3cc41db4e0c7356
- SHA1
  
  83da10df168a7801bef8257fcbdc23bf18f0d15c
- SHA256
  
  5beadd0ecc9f1407dab89746630fddf7362dd00323e6a5e5413a0c286e2ee583
- SHA512
  
  229332eb6bec4208a2eb9055237ee5ac83a9da577ce04f2a0a9bad2c6c113b815ff60876d265f344d10d36d20da3bb4444ef2c8896fe9dc6005bac73a3c902ab
- SSDEEP
  
  6144:wBlL/cYzuovWn9oMSJgRXlD9LhVLwsLXUMn3ua/TY:Cecuo+yMSYlebMn3ua/TY
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jaqxzro.dll
- Size
  
  29KB
- MD5
  
  1e8aa5fcc0f7de7a0836081dd9efff05
- SHA1
  
  48317ef5f587f52fd34b42164dfb893dcde95e1b
- SHA256
  
  5389af7b3d0f5a3496cd2aa538a6ee01fd5a9bd1a8fcf3b9411f4112313d43af
- SHA512
  
  addd27d8923bf5d3f7d87e3eb2f6138d05532aa7c9340fde2f998a84fa87f227b63cd515176940de099d4f8dc46d1ab7467f4e347e266d0ef128d7337d79ea16
- SSDEEP
  
  384:IcOhNOWCf3iUgfews69swci/+9YFmtgqQzZQFORdP2NG6zZHZD24mYfVSUB+V6G4:DC9szi/MeqQqgRd2pZMbwjGANT5
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4