formbook

General

Target

fc5a615198e809bda28ef71431e13367_JaffaCakes118
Size

415KB
Sample

240420-khd9badc8v
MD5

fc5a615198e809bda28ef71431e13367
SHA1

9dc5968a658de7cce2930abe892da0350c82c716
SHA256

3db4d4a2dc190c6ca349f576eb9e87b828b93e8623df8559a420b981b7a3fa26
SHA512

aed4a3dbd0c806ebe2f5f7dc6d8dc57b14af7624d17bf113ed0874957959d5ac7cfbd84bb3e016b8e7dbcc7aa37abd196cb0ff626c4a64d2bfd2f83f1064d66f
SSDEEP

6144:7lbxPE6FRU4YeILAqtD7mRS/ogvKWJSyI5peOu3eUm8GTlaz+keAfl51Q7eWM:7rxUReILAqtDn6yIne3eiGlaz2O51Qiv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ckvl

Decoy

buketmert.com

hodu61.net

avenuecaca.com

kays.kitchen

8ky4.com

pretty-zoo.com

ds613.com

sacramentohemorrhoidcenter.com

icbcpd.com

zzinpick.com

cloudtestingrules.com

2020-especial-em-casa.com

lapdwde83.club

misionsanlorenzo.com

neenaknows.com

jlsqjjz.com

cazconstructionservices.com

ashihun75.icu

elvantage.com

youmovies.site

Targets

- Target
  
  fc5a615198e809bda28ef71431e13367_JaffaCakes118
- Size
  
  415KB
- MD5
  
  fc5a615198e809bda28ef71431e13367
- SHA1
  
  9dc5968a658de7cce2930abe892da0350c82c716
- SHA256
  
  3db4d4a2dc190c6ca349f576eb9e87b828b93e8623df8559a420b981b7a3fa26
- SHA512
  
  aed4a3dbd0c806ebe2f5f7dc6d8dc57b14af7624d17bf113ed0874957959d5ac7cfbd84bb3e016b8e7dbcc7aa37abd196cb0ff626c4a64d2bfd2f83f1064d66f
- SSDEEP
  
  6144:7lbxPE6FRU4YeILAqtD7mRS/ogvKWJSyI5peOu3eUm8GTlaz+keAfl51Q7eWM:7rxUReILAqtDn6yIne3eiGlaz2O51Qiv
Score

10^/10

formbook ckvl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2