formbook

General

Target

25d706432a68e859f5077ddbc32ad080_JaffaCakes118
Size

832KB
Sample

240508-vk8aaaed8z
MD5

25d706432a68e859f5077ddbc32ad080
SHA1

590d9c3130d54d383adf6a8cd5a23cf37bfd30f1
SHA256

0b99070aab5819f15a3f08f1c7840bd9c255883bc9b225cb4b4695593670d905
SHA512

851a7cc56fb9d6dbe25519b69df6ebdfc748e954094f0bae54fdae37e2b43d887b117d9d50ee169ba2280a6f00d8bb597bae609dd57d5eedc8ced7db3f560f1d
SSDEEP

12288:NglZopx11vLYE0hZ6Nwd6sOEI/xDId2ylzeDjR34XuTBVs9PhylvcIca:NVj1yF4i6sGpylSni+TBV0P8cIca

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

3iw

Decoy

cepbank-direkt.com

lieoga.com

officialbetterbeardclub.com

media0702.com

safariflorist.com

vipinternationalinc.com

bitechanalytics.com

employeewage.com

truckingtag.com

priyaladiestailor.com

highlanderpiping.com

enargiapetroleum.com

vermilionranch.com

focusopgeld.com

kalem-euy.net

disypen.com

fairpayva.com

davidguner.com

idreferensi.com

dytt889.com

Targets

- Target
  
  25d706432a68e859f5077ddbc32ad080_JaffaCakes118
- Size
  
  832KB
- MD5
  
  25d706432a68e859f5077ddbc32ad080
- SHA1
  
  590d9c3130d54d383adf6a8cd5a23cf37bfd30f1
- SHA256
  
  0b99070aab5819f15a3f08f1c7840bd9c255883bc9b225cb4b4695593670d905
- SHA512
  
  851a7cc56fb9d6dbe25519b69df6ebdfc748e954094f0bae54fdae37e2b43d887b117d9d50ee169ba2280a6f00d8bb597bae609dd57d5eedc8ced7db3f560f1d
- SSDEEP
  
  12288:NglZopx11vLYE0hZ6Nwd6sOEI/xDId2ylzeDjR34XuTBVs9PhylvcIca:NVj1yF4i6sGpylSni+TBV0P8cIca
Score

10^/10

formbook 3iw rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2