formbook

General

Target

143b80f264153a0a77ee599f2806702f_JaffaCakes118
Size

492KB
Sample

240504-yktnnshb5t
MD5

143b80f264153a0a77ee599f2806702f
SHA1

bce954b1509a8fb595ec06e21ff51561026f8e4d
SHA256

b1a84ffa5466f9eaa0c03eec38370ec5451c92c0acc7e432c3f60a6ee7b322a0
SHA512

1035871c053f9990a926725943d35906b0f2d8f29f7acd8473fa19c21eb392e3bac585742236c9c2dfd21f80a2dc4f679db5c947d5bab896bfcaf3cabe4cb019
SSDEEP

6144:fSti4jd0sf5VB2t4BMGMOzOUyeoya+FhuBW:fSti4Sit53MOzOveTaO8BW

Score

10^/10

formbook sl rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

sl

Decoy

man085.com

splnkr.com

ecogasuk.com

chefdominick.com

gopay.site

littlehootyoga.com

xmhailibu.com

maerz-it.com

garrongoshen.com

mstestlabo2.online

thepatioideas.com

loftiscpa.net

p3juices.com

knot-experts.win

hell.enterprises

luisa-anderson.com

transporterivas.com

lispic.com

admiralswitch.win

onionscreative.com

Targets

- Target
  
  143b80f264153a0a77ee599f2806702f_JaffaCakes118
- Size
  
  492KB
- MD5
  
  143b80f264153a0a77ee599f2806702f
- SHA1
  
  bce954b1509a8fb595ec06e21ff51561026f8e4d
- SHA256
  
  b1a84ffa5466f9eaa0c03eec38370ec5451c92c0acc7e432c3f60a6ee7b322a0
- SHA512
  
  1035871c053f9990a926725943d35906b0f2d8f29f7acd8473fa19c21eb392e3bac585742236c9c2dfd21f80a2dc4f679db5c947d5bab896bfcaf3cabe4cb019
- SSDEEP
  
  6144:fSti4jd0sf5VB2t4BMGMOzOUyeoya+FhuBW:fSti4Sit53MOzOveTaO8BW
Score

10^/10

formbook sl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2