formbook

Sharing

Copy URL

Twitter E-mail

General

Target

5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118
Size

348KB
Sample

240520-ckct9sfc5x
MD5

5ca3fdf3bf5727f8362e9586473c0ee8
SHA1

a3bc51f2cc8ff45605f82fe52a030d2b8759c92f
SHA256

15b998430382125aff0b32c83b7685f19ec873c18a0a0160a257f6a886dad659
SHA512

4070ec74cb0e2b74863b32857b6b914abdd5c4b579b9682b67bfeecac9c0ce3dff3c98049adee8bd4f420b0c3838a62dfdcdf8a64225bce1fea27261f260ff20
SSDEEP

6144:P5UyIJOSGUfwPcU8s9JXxKnJsbTPqL7iBd5Nk/cqxD6uW39Ib71f:dIJUDc69JBKJWBC/cqxK9e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

c190

Decoy

youxisousuo.com

fabiast.win

mmweddingplanners.com

banmuonden.com

bulnitayiesfde.com

9q1s.com

cursodeinduccion.com

tvipatinga.com

cdkeysgenerator.com

thebestwaterinbelfast.com

gianlucacolombo.net

jetereconnais.com

design-linkage.com

sohogreenbay.net

skinjamonline.com

witechenterprise.net

9gcg.com

hometowngrowers.com

prettypix.events

standupand.com

Targets

- Target
  
  5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118
- Size
  
  348KB
- MD5
  
  5ca3fdf3bf5727f8362e9586473c0ee8
- SHA1
  
  a3bc51f2cc8ff45605f82fe52a030d2b8759c92f
- SHA256
  
  15b998430382125aff0b32c83b7685f19ec873c18a0a0160a257f6a886dad659
- SHA512
  
  4070ec74cb0e2b74863b32857b6b914abdd5c4b579b9682b67bfeecac9c0ce3dff3c98049adee8bd4f420b0c3838a62dfdcdf8a64225bce1fea27261f260ff20
- SSDEEP
  
  6144:P5UyIJOSGUfwPcU8s9JXxKnJsbTPqL7iBd5Nk/cqxD6uW39Ib71f:dIJUDc69JBKJWBC/cqxK9e
Score

10^/10

formbook c190 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/votary.dll
- Size
  
  9KB
- MD5
  
  3d73e5b3c8b9afda7503fb9f48301046
- SHA1
  
  d96a69633403520e407447719a90478e9f7a74ca
- SHA256
  
  a575479145477d134099eef830bca17080abfa84295550e5d83788fb4a5653e2
- SHA512
  
  36b11cc95aaa77c3e8c7d3545089d61ef0767c01fcc0e4622025150d8be65d98a394491376a10589554ad370d49e07e36efc42968663841bd018dc29b6766d2b
- SSDEEP
  
  96:xrIEuKoCgsQyF8BLkgaNLvDrKVKm5EzmjDlxqE58wVAPNFFHURNDdwTUKDvyd:CvHs4LrCLv05EKlxWw8FFmNZus
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8