formbook

General

Target

5ee46295b565a80943c79c4adee9dec7_JaffaCakes118
Size

237KB
Sample

240520-nwgs5sad71
MD5

5ee46295b565a80943c79c4adee9dec7
SHA1

088040d934fc1f30424def22adf3a8063c09bfda
SHA256

092604ea968c54cd13c04fe2e85a4f5ec9e5b6ad5c83577160d1108c69156bf2
SHA512

b77b40775ef3581f8d6dade14d8672cf55c9e433c76956a59182e3d01971f6e5209d5e3ed30ba0bd989d73aa9d3956b0dc8bd99427c5179f9c4e7efb9824b406
SSDEEP

6144:VIH3fprvmAlYazYP+FqKfr0w6T+J0qwHkbAhfUKE6R3o:OXxuCYaFZB07QA+K3J

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b4630

Decoy

touchlessfund.com

tokenizemortgage.com

suninfosystem.net

eugeneskeef.com

comprindoameta.com

simonhousecopake.com

mastergrannyflats.net

hocahanim-dogalurunler.com

skoolsoftware.com

remoteittrainer.com

digitalchurchchallenge.com

poslenastishina.com

officialamandacoppotelli.com

nomadadventuretours.com

prayforlouisiana.com

prochain.finance

heroesrisingtocurecancer.com

caresalt.com

vizslatshirt.com

defengineer.com

Targets

- Target
  
  5ee46295b565a80943c79c4adee9dec7_JaffaCakes118
- Size
  
  237KB
- MD5
  
  5ee46295b565a80943c79c4adee9dec7
- SHA1
  
  088040d934fc1f30424def22adf3a8063c09bfda
- SHA256
  
  092604ea968c54cd13c04fe2e85a4f5ec9e5b6ad5c83577160d1108c69156bf2
- SHA512
  
  b77b40775ef3581f8d6dade14d8672cf55c9e433c76956a59182e3d01971f6e5209d5e3ed30ba0bd989d73aa9d3956b0dc8bd99427c5179f9c4e7efb9824b406
- SSDEEP
  
  6144:VIH3fprvmAlYazYP+FqKfr0w6T+J0qwHkbAhfUKE6R3o:OXxuCYaFZB07QA+K3J
Score

10^/10

formbook b4630 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2