formbook

General

Target

5d5297752ebeacf205e85da6abee7b51_JaffaCakes118
Size

316KB
Sample

240520-fq5c9ade9s
MD5

5d5297752ebeacf205e85da6abee7b51
SHA1

effbac213eaf8215922eebeeb9af3c0c0ff4db72
SHA256

a1eaf372496b5a54a67e772fe031414ce104886fddd2f775123759c2bcb3819c
SHA512

5a2d105c33673ec3aa8bcf7f2e6de3c825a3e45ba57b209b5c94cf9011a481790ff7f9b9c9331339ad6766500c9f64b87d38ef0191943302403bab77d804c214
SSDEEP

6144:AX2rqWgiLCLD8G/5qrXiSia2KxgwtCZQ:AmrnLCLDSrXwa2KHtcQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ch77

Decoy

mkgroupjo.com

5542sss.com

flightmeadery.com

xn--rss22ky99a.com

huangdigan.net

homefinanceoption.com

xn--yh4bv0fa.com

233bu.com

malcolminternational.info

intercalperu.com

myfreestyleonline.com

vandaliapress.com

hubeijundu.com

uql22ze.com

online-biz-internet-orlando.com

13390181555.com

makadibay.online

rente-bike.com

xn--io3aw0du0f.com

akchurch.com

Targets

- Target
  
  5d5297752ebeacf205e85da6abee7b51_JaffaCakes118
- Size
  
  316KB
- MD5
  
  5d5297752ebeacf205e85da6abee7b51
- SHA1
  
  effbac213eaf8215922eebeeb9af3c0c0ff4db72
- SHA256
  
  a1eaf372496b5a54a67e772fe031414ce104886fddd2f775123759c2bcb3819c
- SHA512
  
  5a2d105c33673ec3aa8bcf7f2e6de3c825a3e45ba57b209b5c94cf9011a481790ff7f9b9c9331339ad6766500c9f64b87d38ef0191943302403bab77d804c214
- SSDEEP
  
  6144:AX2rqWgiLCLD8G/5qrXiSia2KxgwtCZQ:AmrnLCLDSrXwa2KHtcQ
Score

10^/10

formbook ch77 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2