formbook

General

Target

6d3a9e2fc11322a0a2bc4ad52ba110f6_JaffaCakes118
Size

724KB
Sample

240524-d8k18abg53
MD5

6d3a9e2fc11322a0a2bc4ad52ba110f6
SHA1

ddf89fe6d83c707f636c1b73ac448b9f4b5f9de2
SHA256

6157555f6e84cf18fa58a08cdc89a469da2a1d5d4e3f3b10776c74d2fe007a56
SHA512

b8258516c371ab6e5bd0ade27359ef4f683a8d6bc7da6cb858e69022e4fa5ef45fddfd970218da061525f53e289517794a1caa3ef548ebcf6b6d07d807dd23d0
SSDEEP

12288:bfOkVygaG6x/Oo8hL67HanLgc8tcWJTyHY/GD:bmkkJxAL2HanLgcqcWJG

Score

10^/10

formbook pe rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

pe

Decoy

blackcatproud.com

kddgu.info

jhholiday.com

woshunwang.com

qrvou.info

yinuojie.com

404arabs.com

diaojieorg.com

hsyfjj.com

medusabotanicals.com

ghay5c.com

wm785.com

bikeandart.com

ygyroadside.info

whitewings.biz

4pointpartnersbv.com

tukangsedotwc.net

democrataward.com

systemtraffic2updating.win

thevlu.com

Targets

- Target
  
  6d3a9e2fc11322a0a2bc4ad52ba110f6_JaffaCakes118
- Size
  
  724KB
- MD5
  
  6d3a9e2fc11322a0a2bc4ad52ba110f6
- SHA1
  
  ddf89fe6d83c707f636c1b73ac448b9f4b5f9de2
- SHA256
  
  6157555f6e84cf18fa58a08cdc89a469da2a1d5d4e3f3b10776c74d2fe007a56
- SHA512
  
  b8258516c371ab6e5bd0ade27359ef4f683a8d6bc7da6cb858e69022e4fa5ef45fddfd970218da061525f53e289517794a1caa3ef548ebcf6b6d07d807dd23d0
- SSDEEP
  
  12288:bfOkVygaG6x/Oo8hL67HanLgc8tcWJTyHY/GD:bmkkJxAL2HanLgcqcWJG
Score

10^/10

formbook pe rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2