formbook

General

Target

640a5a69bb8bad401d53decd4cc8ca20_JaffaCakes118
Size

428KB
Sample

240521-vehsfacd3s
MD5

640a5a69bb8bad401d53decd4cc8ca20
SHA1

01fa7024fd76ca92eccc565e2c393048b3f11c51
SHA256

67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139
SHA512

32b59acacd1ada2c488a91130e28196556687e4b5fb41b46b959ff25ef7cb2ad6e2f77d37a53eadb0b9823bb084547bff841e3d4e47b56491e5fd26ac2cc66f3
SSDEEP

6144:EwuOFkQsk7HjHaPnjsxnxoZunk+dbRyPEIBSSh4a5yZQlgy85iA2p07ybCx7XtnC:MQsk7+LI5RCzjTSybyXZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

h313

Decoy

kudaspb.info

riven.market

strictlyafricanjapan.win

moresisebank.com

lugg14141.com

musictravelbar.com

snip-store.net

mnum2.com

inevitably.ltd

topskin-care.live

chinasmokingglass.com

milkmuuske.com

gadology.com

lntoken.com

wxtusugangguan.com

freetraffic2upgradeall.review

myhumblenode.com

otodo.site

ryden-mckenna-ltd.com

diminishedunison.com

Targets

- Target
  
  640a5a69bb8bad401d53decd4cc8ca20_JaffaCakes118
- Size
  
  428KB
- MD5
  
  640a5a69bb8bad401d53decd4cc8ca20
- SHA1
  
  01fa7024fd76ca92eccc565e2c393048b3f11c51
- SHA256
  
  67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139
- SHA512
  
  32b59acacd1ada2c488a91130e28196556687e4b5fb41b46b959ff25ef7cb2ad6e2f77d37a53eadb0b9823bb084547bff841e3d4e47b56491e5fd26ac2cc66f3
- SSDEEP
  
  6144:EwuOFkQsk7HjHaPnjsxnxoZunk+dbRyPEIBSSh4a5yZQlgy85iA2p07ybCx7XtnC:MQsk7+LI5RCzjTSybyXZ
Score

10^/10

formbook h313 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2