formbook

Sharing

Copy URL

Twitter E-mail

General

Target

4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118
Size

327KB
Sample

240516-qxkbrsff72
MD5

4b580aef493e3c12ff7c8c059cb73973
SHA1

efd2ba7c60ecd1d4e70850406d3d62f4c979eeef
SHA256

6999f846f01515ae48c049e1114b0cebad84d0eb047c10684eff81e9d391ad0b
SHA512

3822cd04861c1497241ac611bbc89b313df0d2bbd43b09f3cf1cf43ae796e4cf1254a73619f421480e5b0cd1b5e7bb36dd5d398a344e08e7f4ef091b939f22c7
SSDEEP

6144:r5L8cieNER8g5TNAKzLB1/1VS7EcsAFhr6RY6NLAnswHeGgoSKJLiWkFdDPNXcKd:Z8ciqEJViO1rSR56n0swHLjiBSKB9Z

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

c191

Decoy

yegua.rocks

retouraffectifrapide.com

mediacionelite.com

carrosseriemartins.com

filminglombokindonesia.com

rwpygl.info

wkwlkj.com

yjeoevqdaf.info

margaretaphotographs.com

damaskfabricandtextiles.com

woofgang.life

goodhabitsapp.com

kunweishidai.com

kuaizhilian.com

parkaraya.com

globallogic-us.com

charlottephotoboothrental.com

pouchbagsupplier.com

njlgmq.com

nazreenakhtar.com

Targets

- Target
  
  4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118
- Size
  
  327KB
- MD5
  
  4b580aef493e3c12ff7c8c059cb73973
- SHA1
  
  efd2ba7c60ecd1d4e70850406d3d62f4c979eeef
- SHA256
  
  6999f846f01515ae48c049e1114b0cebad84d0eb047c10684eff81e9d391ad0b
- SHA512
  
  3822cd04861c1497241ac611bbc89b313df0d2bbd43b09f3cf1cf43ae796e4cf1254a73619f421480e5b0cd1b5e7bb36dd5d398a344e08e7f4ef091b939f22c7
- SSDEEP
  
  6144:r5L8cieNER8g5TNAKzLB1/1VS7EcsAFhr6RY6NLAnswHeGgoSKJLiWkFdDPNXcKd:Z8ciqEJViO1rSR56n0swHLjiBSKB9Z
Score

10^/10

formbook c191 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Splash.dll
- Size
  
  4KB
- MD5
  
  3f35f73787f0c3bb5e59445fb18ade0d
- SHA1
  
  f1566faff96c3988cfc28dc7d433094b6348cdbf
- SHA256
  
  5570969d22a33c23b60c5f5536f781219e458a869b77b8dde4a94cc124ee4de6
- SHA512
  
  45c42ea95f53a3b8a3fd74bd55ad6f0b3f2b91dd969104de845fd819fe307dec2b4d472bee45554500b0c51052ee82ac98196e894af806edf67a947328474e57
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/alerting.dll
- Size
  
  9KB
- MD5
  
  899df66ecc89a8b62a4e01e719790daf
- SHA1
  
  81a289f7fe4560995b11c344ffe145df570a14e2
- SHA256
  
  b798c94ed8f6832b83fb5c6ca5c071dcac11e363fbfd4ce34dc68ff02a77678c
- SHA512
  
  300e7ac987ca9d012758ed9521c27f50a9f89440e2b5fe0ed3b3c0a48b13496c82f9ad1761a3d12e21f8622ef5a52082dd44aa30e3b97a2d6c054d2ca924cd7d
- SSDEEP
  
  96:lfVOeBcQ5YgX2Eoz8lntM68+Ne256BN9MygJKVlRWAbb7rztCtuuOos4ykTvjDlW:iQ+Vnz8lnttwT/aOos4ykTflxWw82f
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8