formbook

General

Target

faa036cbca3230e8df524875427c41fd_JaffaCakes118
Size

753KB
Sample

240419-s5dv3aha4z
MD5

faa036cbca3230e8df524875427c41fd
SHA1

9e3f388448f7c7ca4dcde0ab6fda56897a3afc53
SHA256

51c9e29ebe25067c055b664cacc4c4d46b8d19bddd488936c3bab19906311806
SHA512

466d0b9333699799c787253c50bce6daa2e8ec34d99a529cd72e6b4bb70705a906fb1ddb3269dbf15a38bfebfcddd4c53a2215da43f65a4555115c04d3d2e81e
SSDEEP

12288:D0UhJO0COsBgo0q4wMm2lINuWber+ZXocxP74+VlkJaPeDCzgDG010kz4:D0UhCOsBgo0q4wMnbAe6v74+jktDYgl2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

z7a

Decoy

dotstories.xyz

egd-dz.com

caringhealthrecruit.com

transportdupont.com

teh-support.pro

catfad.com

pinewoodlakepool.net

pendekar-qq.info

duplicuty-garden.com

librtshop.com

stepmed.life

seatplusplus.com

bluzelle.money

weflew.xyz

bolaci.com

arrebatamentonews.com

sukesanblog.com

shadow-campaign.com

anpfiff.net

taste-of-poland.com

Targets

- Target
  
  faa036cbca3230e8df524875427c41fd_JaffaCakes118
- Size
  
  753KB
- MD5
  
  faa036cbca3230e8df524875427c41fd
- SHA1
  
  9e3f388448f7c7ca4dcde0ab6fda56897a3afc53
- SHA256
  
  51c9e29ebe25067c055b664cacc4c4d46b8d19bddd488936c3bab19906311806
- SHA512
  
  466d0b9333699799c787253c50bce6daa2e8ec34d99a529cd72e6b4bb70705a906fb1ddb3269dbf15a38bfebfcddd4c53a2215da43f65a4555115c04d3d2e81e
- SSDEEP
  
  12288:D0UhJO0COsBgo0q4wMm2lINuWber+ZXocxP74+VlkJaPeDCzgDG010kz4:D0UhCOsBgo0q4wMnbAe6v74+jktDYgl2
Score

10^/10

formbook z7a rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2