formbook

General

Target

26aa9b7bf926ffa61dd823895ce0a868_JaffaCakes118
Size

766KB
Sample

240508-zkrdzseg4v
MD5

26aa9b7bf926ffa61dd823895ce0a868
SHA1

f7ae1863e31a855feb8956b3c113afb8a1992e47
SHA256

51be25e5c754614603992540797d953736c4ac163818db5de69734fabb2f8f82
SHA512

08cf1deef378097a14a94b5fdd1186865cf18c62f010ddf4bfd714faf869232385cc8cf9682328fae2752bd5690034e4239c2fb8878defce53c7d4918f2f5050
SSDEEP

12288:b58WhWmNEYOyd4Sau/yaqDzjnOeX6nKAZgDpaSO3nMJibf41y99zzSl+XoEzz1wt:b5dxN/4k/yGrB9zztzzK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtb

Decoy

kbsvipbags.com

grandma-salt.com

org-id100.info

marketobserverllc.com

robjmccarthy.com

orbitnest.com

7d5d.com

hotdealsallday.com

kaban-shitsuji.com

eivisionexport.com

luatfv.com

creationxbydom.com

realjuku.com

roast365.com

epis2020.com

schcman.com

xn--pimi-ooa.com

jobshustle.com

rightnewswire.com

seguonra.com

Targets

- Target
  
  26aa9b7bf926ffa61dd823895ce0a868_JaffaCakes118
- Size
  
  766KB
- MD5
  
  26aa9b7bf926ffa61dd823895ce0a868
- SHA1
  
  f7ae1863e31a855feb8956b3c113afb8a1992e47
- SHA256
  
  51be25e5c754614603992540797d953736c4ac163818db5de69734fabb2f8f82
- SHA512
  
  08cf1deef378097a14a94b5fdd1186865cf18c62f010ddf4bfd714faf869232385cc8cf9682328fae2752bd5690034e4239c2fb8878defce53c7d4918f2f5050
- SSDEEP
  
  12288:b58WhWmNEYOyd4Sau/yaqDzjnOeX6nKAZgDpaSO3nMJibf41y99zzSl+XoEzz1wt:b5dxN/4k/yGrB9zztzzK
Score

10^/10

formbook gtb rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2