formbook

General

Target

fd032e026a2d0dc8f80370acf62e120c4a04fb1fd46318839f162f1949ad0edf_JaffaCakes118
Size

867KB
Sample

240420-r9tawaba39
MD5

86f59231b4d4b92d9d41a16a142380fe
SHA1

3bbadc59af1d5358c0565eadc51ce777d47a0dda
SHA256

fd032e026a2d0dc8f80370acf62e120c4a04fb1fd46318839f162f1949ad0edf
SHA512

1b98f0c970819f7a1f5fb2b8566b4b0c0abb126b747f092f90587189f345a5d3672446b1e762752c3ffcdd0b2f92f28bcb2538e8e14af5abd2b5013a1a0bcaff
SSDEEP

12288:gU6HguXUVUAfIOsgKwDV+nm5vc19ApsWSyO7rbdTrcL/SIIcM8zh:EgzQwB8mhMtV5g8z8zh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g11y

Decoy

dianedaily.com

grabius.fun

aboodivesakaran.com

ttasum.site

softlytictechpro.com

charlenenicholls.com

money254.info

saleanycoin.com

zhlnas.top

bushelandabean.com

ggaperformance.com

rm168vip.life

getconsol.com

empower-excellence.com

pompgarden.com

spartanburghistorytour.com

thewrkrbees.com

baoslot-adm.com

bizchatgpt777.com

testdomenkinogid-new-1.buzz

Targets

- Target
  
  fd032e026a2d0dc8f80370acf62e120c4a04fb1fd46318839f162f1949ad0edf_JaffaCakes118
- Size
  
  867KB
- MD5
  
  86f59231b4d4b92d9d41a16a142380fe
- SHA1
  
  3bbadc59af1d5358c0565eadc51ce777d47a0dda
- SHA256
  
  fd032e026a2d0dc8f80370acf62e120c4a04fb1fd46318839f162f1949ad0edf
- SHA512
  
  1b98f0c970819f7a1f5fb2b8566b4b0c0abb126b747f092f90587189f345a5d3672446b1e762752c3ffcdd0b2f92f28bcb2538e8e14af5abd2b5013a1a0bcaff
- SSDEEP
  
  12288:gU6HguXUVUAfIOsgKwDV+nm5vc19ApsWSyO7rbdTrcL/SIIcM8zh:EgzQwB8mhMtV5g8z8zh
Score

10^/10

formbook g11y rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2