formbook

General

Target

4a88ef067c92ec50842f31d0cd49ceee_JaffaCakes118
Size

715KB
Sample

240516-l4jxcsfd3x
MD5

4a88ef067c92ec50842f31d0cd49ceee
SHA1

fca2bb6c3785c7d786a5c13d05043ce004a9b618
SHA256

5c08d875ce6e830acd443b62b7db10aac4d335afcee20423a703ea0c15b36368
SHA512

25b17a4f0b1bd202cd53f8f98ec4f96cb477386abe1f84081f1a98c0a0d3f97101a0907c7f276e0894a1b0c5b5a3877b362d89f82a48930dbbdf8a21a088a988
SSDEEP

12288:Q2m9mygck7g4++RWR7imOxL80hHtlY6k3B0G/DV7HU+javpV2g:/2TgBtmRfOV3Htm6k3mGhHU+jaxA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

d003

Decoy

grupojcs.com

sdiezk.com

crazycravecosmetics.com

addison.site

gaziantepcicekal.com

globetrotterscourier.online

ppluav69.com

desanitarium.com

jiuxutang.net

rennaidangpu.com

wkc365.com

meanfarmer.net

yeosuchonnom.com

9876n.com

aesthetics-academy.com

chaoyumoju.com

tuscoordenadas.com

diveregalos.com

bombougeral.info

roxfranzhoerspringstzer.win

Targets

- Target
  
  4a88ef067c92ec50842f31d0cd49ceee_JaffaCakes118
- Size
  
  715KB
- MD5
  
  4a88ef067c92ec50842f31d0cd49ceee
- SHA1
  
  fca2bb6c3785c7d786a5c13d05043ce004a9b618
- SHA256
  
  5c08d875ce6e830acd443b62b7db10aac4d335afcee20423a703ea0c15b36368
- SHA512
  
  25b17a4f0b1bd202cd53f8f98ec4f96cb477386abe1f84081f1a98c0a0d3f97101a0907c7f276e0894a1b0c5b5a3877b362d89f82a48930dbbdf8a21a088a988
- SSDEEP
  
  12288:Q2m9mygck7g4++RWR7imOxL80hHtlY6k3B0G/DV7HU+javpV2g:/2TgBtmRfOV3Htm6k3mGhHU+jaxA
Score

10^/10

formbook d003 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2