formbook

General

Target

70eef5e2aeb9f20bd43597aa829a95e2_JaffaCakes118
Size

357KB
Sample

240525-fqzsrsfd59
MD5

70eef5e2aeb9f20bd43597aa829a95e2
SHA1

179331204a07257d0a8a5b43284fc2873ce9e620
SHA256

bca3d5eb15bb32ab76803b529838de3cf0217f3f247473e77dcb112d4b5a2517
SHA512

e5cd3b9405e8e2e79c2870082e60318364432c6cba3a1151fb74eed289c84d5133ae730bab715a810ed32b42c25386c9b422bfa6e9fad3c007749cad6dd15125
SSDEEP

6144:u/7ZlzuEeOtPY9jsrWzhLSwdMVsTrj5qwN4S3Fzs4+Xr0DP6:u/FbNY9jL9Swd+s39qzSRtKwDP

Score

10^/10

formbook ek rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ek

Decoy

zhongyaoqiao.com

jeffstoolbox.com

flychemnb.com

charismigi.com

peoplerush.com

liyachun.com

fdjszp168.com

beautydepilation.info

yq173.com

tanwenbin.com

besttrustloan.com

batdongsanminhanh.com

jimanwendy.com

heresfrosty.com

bkdkc.info

5534nn.com

foundweb.info

westroam.com

danielleautumn.com

82zhan7728.com

Targets

- Target
  
  70eef5e2aeb9f20bd43597aa829a95e2_JaffaCakes118
- Size
  
  357KB
- MD5
  
  70eef5e2aeb9f20bd43597aa829a95e2
- SHA1
  
  179331204a07257d0a8a5b43284fc2873ce9e620
- SHA256
  
  bca3d5eb15bb32ab76803b529838de3cf0217f3f247473e77dcb112d4b5a2517
- SHA512
  
  e5cd3b9405e8e2e79c2870082e60318364432c6cba3a1151fb74eed289c84d5133ae730bab715a810ed32b42c25386c9b422bfa6e9fad3c007749cad6dd15125
- SSDEEP
  
  6144:u/7ZlzuEeOtPY9jsrWzhLSwdMVsTrj5qwN4S3Fzs4+Xr0DP6:u/FbNY9jL9Swd+s39qzSRtKwDP
Score

10^/10

formbook ek rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2