formbook

General

Target

540cc0848059d473dc51b3160d9629df_JaffaCakes118
Size

727KB
Sample

240518-ldvk6sdc98
MD5

540cc0848059d473dc51b3160d9629df
SHA1

9591f93de3c8e77f3bd35e00bd7289f617471408
SHA256

999f1f5b2c273f90b82ef65ae5e1e0ad4bbfb8612eb97ef9217f782ddd587c06
SHA512

f1286a1da339bfe0a42f007f2e7c0ba722650f38d9b6a3916d4882630bf2a3fd84e62698f1bda8056bd94cebd050adcf36354a4dd2df6271ffd10e7c9a37903d
SSDEEP

12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcEzhvw4hu345psuQP11SOZjm//k:hBXu9HGaVHEjhu3OpsuQP11SWjmU

Score

10^/10

formbook wo rat spyware stealer trojan upx

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

wo

Decoy

bcmigt.com

spiraltowellness.com

n1112.com

zhangyuping8.com

mthopehauntedhayride.com

heseniorlivingnow.live

ironkalip.com

ebookadmin.com

jacobssf.net

whosdownnewyork.com

8uwxb7b-7yxl754.com

bees.reisen

xn--y8jte7b913sqdjhiam386a.com

fixallthefiles.com

zimagazine.com

stylelesh.com

burnque.com

blogbelezafeminina.info

rbnbtzf.info

lifeoflin.com

Targets

- Target
  
  540cc0848059d473dc51b3160d9629df_JaffaCakes118
- Size
  
  727KB
- MD5
  
  540cc0848059d473dc51b3160d9629df
- SHA1
  
  9591f93de3c8e77f3bd35e00bd7289f617471408
- SHA256
  
  999f1f5b2c273f90b82ef65ae5e1e0ad4bbfb8612eb97ef9217f782ddd587c06
- SHA512
  
  f1286a1da339bfe0a42f007f2e7c0ba722650f38d9b6a3916d4882630bf2a3fd84e62698f1bda8056bd94cebd050adcf36354a4dd2df6271ffd10e7c9a37903d
- SSDEEP
  
  12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcEzhvw4hu345psuQP11SOZjm//k:hBXu9HGaVHEjhu3OpsuQP11SWjmU
Score

10^/10

formbook wo rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

UPX packed file

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2