formbook

General

Target

5d7ccd79635f7101a35091fab2dbcc76_JaffaCakes118
Size

352KB
Sample

240520-gje1fsec73
MD5

5d7ccd79635f7101a35091fab2dbcc76
SHA1

24caef2e796d9ed991a0411be0bf4d4320746dfc
SHA256

45856c169355ee7101dc2789e1a476ab2df3a48a9deccb6e3927b87ee3781f63
SHA512

803198e3e5edaaf1b5bbe4b46f877808afbe2ca681b731d9d5987befb164e7ca73bac6ef49c16479b5bb2b05a4d4690cd3658fa2c92c7e718b39fccd2f9bcffc
SSDEEP

6144:3a1tfKj5T9F19/CcKKgDfcmQXX/9XniChgrVXIv:mtfKjzTpwKQdASCheV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

llg

Decoy

www8557q.com

112161.info

ys-pictures.com

ghgh44.com

worldgametours.com

bthrdq.com

ipmptraining.com

natoriaray.com

colourfulberries.download

ar-consulting.net

yourgoddessrocks.com

fluencymatters.info

marmarisdogumfotografcisi.com

akifgroups.com

comma-ae.com

jmgtunes.com

hermosacanas.com

stephaniebelenphoto.com

xn--2z1bo89bb0e.com

keepsmilinglabs.com

Targets

- Target
  
  5d7ccd79635f7101a35091fab2dbcc76_JaffaCakes118
- Size
  
  352KB
- MD5
  
  5d7ccd79635f7101a35091fab2dbcc76
- SHA1
  
  24caef2e796d9ed991a0411be0bf4d4320746dfc
- SHA256
  
  45856c169355ee7101dc2789e1a476ab2df3a48a9deccb6e3927b87ee3781f63
- SHA512
  
  803198e3e5edaaf1b5bbe4b46f877808afbe2ca681b731d9d5987befb164e7ca73bac6ef49c16479b5bb2b05a4d4690cd3658fa2c92c7e718b39fccd2f9bcffc
- SSDEEP
  
  6144:3a1tfKj5T9F19/CcKKgDfcmQXX/9XniChgrVXIv:mtfKjzTpwKQdASCheV
Score

10^/10

formbook llg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2