formbook | ca49aa362621679944ff2bb5c323dbb64ef5f0364dff1be6168c0657962296ec | Triage

Sharing

General

Target

50282da5093e3086fcde377c5e8e28bdJaffaCakes118.bin
Size

264KB
Sample

240517-3ag94sgc5z
MD5

50282da5093e3086fcde377c5e8e28bd
SHA1

f8468c9953686b0b77dfb6949866c68b628ce73d
SHA256

ca49aa362621679944ff2bb5c323dbb64ef5f0364dff1be6168c0657962296ec
SHA512

7a60e543a0b918591c7dcec8286175ce3c2e746c18055ac5439a9790469b9152ab2f50be6dc7d8f70d0b4002e7b51a9e32a685befb83dc971311deca65c46818
SSDEEP

6144:G/HhXZxNiTGAATtFH0zpVVDkYx7pvX9GD:iXZykBFHApVVLFdXsD

Score

10^/10

formbook j0g2z5t rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

j0g2z5t

Decoy

nikolajslot.com

buysellhkonline.com

citytireandmuffler.com

moodichocolate.com

hiresses.com

1577584.com

chantaljamet.com

madamrichest.com

catfooddude.com

the9-city.com

dota2.red

risottomyway.com

cmbgw.com

ospreylandingfl.com

nmkindustries.com

video-cuentos.com

rktcont.net

suresourcetreatment.com

molinaroscollision.com

femmefetefashions.com

Targets

- Target
  
  50282da5093e3086fcde377c5e8e28bdJaffaCakes118.bin
- Size
  
  264KB
- MD5
  
  50282da5093e3086fcde377c5e8e28bd
- SHA1
  
  f8468c9953686b0b77dfb6949866c68b628ce73d
- SHA256
  
  ca49aa362621679944ff2bb5c323dbb64ef5f0364dff1be6168c0657962296ec
- SHA512
  
  7a60e543a0b918591c7dcec8286175ce3c2e746c18055ac5439a9790469b9152ab2f50be6dc7d8f70d0b4002e7b51a9e32a685befb83dc971311deca65c46818
- SSDEEP
  
  6144:G/HhXZxNiTGAATtFH0zpVVDkYx7pvX9GD:iXZykBFHApVVLFdXsD
Score

10^/10

formbook j0g2z5t rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookj0g2z5tratspywarestealertrojan

behavioral2

formbookj0g2z5tratspywarestealertrojan