formbook

General

Target

fcc476ac485651017cc49abe9fcdbaeb_JaffaCakes118
Size

540KB
Sample

240420-pl8pjsgf73
MD5

fcc476ac485651017cc49abe9fcdbaeb
SHA1

de84f7ae453f48d18934db6d99072170ec7b1ee4
SHA256

125a3d1084a3f13ca811f5fbecdbade8d6e2b2c5d73a686674c6ff244ec99f68
SHA512

12d3c58c070a5cf8f9e4566693b312bcfb42a155d8767c607d4a91939f6cfff1a88460c2c80b3b12f50707b4fa845740b62973caa667477dc629a70beeae5ead
SSDEEP

6144:u27T6Uqrl8bPWJLWlGwCF1y27MIO3tCRRn846pSBKFi4U73TMW+OJz921AsOjzoC:1SU/b0LtF1XyARP+rFM3T+0rN5dp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zd9n

Decoy

statim-transition.com

puregreencircle.com

shoppy-memories.com

name4iching.com

lottieslabel.com

moreatrokkss.com

yeheto.com

coachimprint.com

arthero.xyz

shophairsaints.com

asfcouture.com

5632terraindegolf.com

visiodune.com

tejasfood.com

saanviweaves.com

testtrial.xyz

twerkvideos.xyz

bevelbuilders.com

erbilwater.com

floridaeventsnews.com

Targets

- Target
  
  fcc476ac485651017cc49abe9fcdbaeb_JaffaCakes118
- Size
  
  540KB
- MD5
  
  fcc476ac485651017cc49abe9fcdbaeb
- SHA1
  
  de84f7ae453f48d18934db6d99072170ec7b1ee4
- SHA256
  
  125a3d1084a3f13ca811f5fbecdbade8d6e2b2c5d73a686674c6ff244ec99f68
- SHA512
  
  12d3c58c070a5cf8f9e4566693b312bcfb42a155d8767c607d4a91939f6cfff1a88460c2c80b3b12f50707b4fa845740b62973caa667477dc629a70beeae5ead
- SSDEEP
  
  6144:u27T6Uqrl8bPWJLWlGwCF1y27MIO3tCRRn846pSBKFi4U73TMW+OJz921AsOjzoC:1SU/b0LtF1XyARP+rFM3T+0rN5dp
Score

10^/10

formbook zd9n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2