formbook

General

Target

7289b3c7c4055d40cf85ca7731497d34_JaffaCakes118
Size

495KB
Sample

240525-tqyscsac3t
MD5

7289b3c7c4055d40cf85ca7731497d34
SHA1

6b6a8a835b8e8d7a26d3fc57d0effee30a49e9d4
SHA256

bc5aa7b4f419065ed0382ef58383b06f8e578d12a0b0b7973b1de9f549143307
SHA512

60b2370176c82a5fe84a6680af7b9da7c44f81cf6fecc6db719d67644fc092e620ac9d5a9981bccc79a8f2622936dc5a9eae2abd070d41865d4985a981b98199
SSDEEP

6144:sCypZJUu0qK1hMyPnQLCHb7A2GhNXlvlvlLMLJb+UYRHfw1t3+mxOqApSRjXj3w3:nhMSQEb7A2iNYujmgqAg9L01EVx

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

aofk

Decoy

theplanetviral.com

51gayporn.com

mesathean.com

vaguidelines-updated.com

newuniverse.net

daveslehighvalleyvac.com

balikesirmasajsalonuu.com

chepinclub.com

shkafko.com

xn--eh3b11fp3f4me.com

qgochyljokbjjx.com

ashleetaylor.net

neckbeardnation.com

jordanthedev.com

pnwminiacs.com

tastyafrecipes.com

postmortemrecycled.com

bodypiercingblog.com

northwestclassicfirearms.com

manilagogo.com

Targets

- Target
  
  7289b3c7c4055d40cf85ca7731497d34_JaffaCakes118
- Size
  
  495KB
- MD5
  
  7289b3c7c4055d40cf85ca7731497d34
- SHA1
  
  6b6a8a835b8e8d7a26d3fc57d0effee30a49e9d4
- SHA256
  
  bc5aa7b4f419065ed0382ef58383b06f8e578d12a0b0b7973b1de9f549143307
- SHA512
  
  60b2370176c82a5fe84a6680af7b9da7c44f81cf6fecc6db719d67644fc092e620ac9d5a9981bccc79a8f2622936dc5a9eae2abd070d41865d4985a981b98199
- SSDEEP
  
  6144:sCypZJUu0qK1hMyPnQLCHb7A2GhNXlvlvlLMLJb+UYRHfw1t3+mxOqApSRjXj3w3:nhMSQEb7A2iNYujmgqAg9L01EVx
Score

10^/10

formbook aofk rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2