formbook

Sharing

Copy URL

Twitter E-mail

General

Target

783ee1a999bc5b808433a3aeb0e40a1e_JaffaCakes118
Size

351KB
Sample

240527-hj3xyscd22
MD5

783ee1a999bc5b808433a3aeb0e40a1e
SHA1

027fd49ce482767909dafefbf9bb4bdde2ea7214
SHA256

3133691453d52deda0e443d99f1565178e629a2ba4b31137bed01916b5b831f0
SHA512

abedafef33997df74eb50a3de36a964c610f87bc734dc97e74189b65b7b3b2ce208afb3c24ed9d21739a50efab90182385446e6ef68e5f401f38216dee00206e
SSDEEP

6144:oQjY84IGMqNWfBKvZDx4TPuyEkyKtcazL/Dh5xvSrLPM1dFtA+TBui6W9ZHN:oMY8+W54CPGk+8L/Dh5JqUXFt9T7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

gm1

Decoy

802477.com

theclippersofficial.com

mysticadventuresails.com

joshkaeding.com

www4915a.com

nicolasdumasxiii.com

transbagasputra.com

motherdaughter.date

truflorawellness.com

ff1q.com

elettronicasmart.com

obtes.com

pfamkyr.com

9ycpbr.info

gtitdunproductions.com

mashreviews.com

methvenonthemove.com

jinshavip38.com

theedgebizconnect.com

jessandalextietheknot.com

Targets

- Target
  
  01438966382020_pdf.exe
- Size
  
  370KB
- MD5
  
  abfb06139a39dec1e276b04cb62ec985
- SHA1
  
  422cf21107f9ce0e2cb0e20398afde711f4374fc
- SHA256
  
  7af08bbd907a68770548426050115d6b0aeba599e0c3bd03c03f5ef8268ceb11
- SHA512
  
  2c3fee56e8e59a0b07cf9db17127013be4ae8b3be47dab5099d25247320fe81cfe696057c76541e567cb8cef2942a6e3b97b7b1f8584cd3363fbb5d6ce687190
- SSDEEP
  
  6144:rPCganNbXQ0tyqc95+FXffzBvekHyq9s28WeC2X8cESMj+W9blvcZ97B+OeVnF:ZanG0C95+5fzHDOlWeWPN9blEHBJeVF
Score

10^/10

formbook gm1 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $APPDATA/vehicletestdrive/_tmp/18.opends60.dll
- Size
  
  45B
- MD5
  
  ded7ae361d5a4aeef08ba0b9a7baf1f9
- SHA1
  
  d7588ed36f5d306da4cd14ddec95da8329e6ad11
- SHA256
  
  880f19bcbf8f31901e8f13da6b9a933fa398be261027073cca2447643e39ec1c
- SHA512
  
  785a3613b80dbb691c75c52d8e84d1421b6e15633c1586393b2ac9b4e3054dcd69878fe738b87bfef48f83263d609fa606ec42f78366b15b93d896f1197cde0a
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/vehicletestdrive/_tmp/62.opends60.dll
- Size
  
  48B
- MD5
  
  71a56a6018fd1f673e7428af424ab30d
- SHA1
  
  2355c8b851b4876b8a3c80ee384b6695bf30c005
- SHA256
  
  6b9083658989175e624ab847771099cbbcaacc8726eebb37248ec857542d5668
- SHA512
  
  a68c796b56877d0a0854ca5ec8d16b7b5cbee76333dce48d846a88d06c3f767cb3334465aa323ba6fa6857d90c9f4f12967bacb4422f2cae7e3a069192427cba
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/vehicletestdrive/_tmp/cert2spc.exe
- Size
  
  8KB
- MD5
  
  15d14d0403243f2939389b50e62a5d9c
- SHA1
  
  29ca8ad75a159cf8740f21f8e1a2649abf81589e
- SHA256
  
  c25f774434af1c494594d8315ca8cfd12257c53b8e3682e626b230b79dd5a863
- SHA512
  
  83f0b6074911f4f8fc74d556537c9a8a1999cfbf5b8dedd97a9b5824d3b3bc39b7e8b876e5aa68a9eb597ac89ccaba9a516df21446200aa172994718c62a1ead
- SSDEEP
  
  192:nuF8MV0BxUAOW/3m3tGdqhIEg0YHvWCcqoS/W5e:n+8MVA1S3txg0avW1xS/W5e
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/vehicletestdrive/_tmp/contextp.dll
- Size
  
  11KB
- MD5
  
  4ba4d296c73b2b4367b0029e1d7c1a6f
- SHA1
  
  15aaf08c9aff48005a2a886c35a719bf286632ab
- SHA256
  
  0da039d120c08e36e5bd6c9eafe84d45dff719473876f3902e7ca5c9aa00c24a
- SHA512
  
  46a249c1110aec76179d44d4ae03c176dced623a3eb26003077034628eba7a09343da87afce41c02faf17e7e9cedaf69f354a576df92ba71fbb5ef5661bc1112
- SSDEEP
  
  192:VjPYNu38npuW8IzMkA2Ny0W+uNgQWNjk8:5PDQ8Zi1W7gQWN
Score

1^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/vehicletestdrive/_tmp/crtowordsen.dll
- Size
  
  17KB
- MD5
  
  6aa6857e3aa855c208328a94e2979061
- SHA1
  
  b7d4304bd485f5ce8ed0183d57141c06bbc321a9
- SHA256
  
  6bc72ed8ef1f94b662813efec2f24886b1031e202581c20904c9aaba4c97584e
- SHA512
  
  9636495b0a7a0f10c71b07aad97350d1c48b98907674081d40021c80ba8c068f2a9492a3563a93a07c5fb7f3bc380c41d529b49c0f04c154d682c14adade1fa7
- SSDEEP
  
  192:ZHa7LAQiaLVaCQODYp8eZQd2SK3Xz7Yg/1LfzL/CldolMvMjGwPyMojT+KzVMiDA:BoL4aLVfGjv/1LrLCcY9jBJJU
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/AnaMetaphor.dll
- Size
  
  19KB
- MD5
  
  eca4d3581bfee01fbbdfab46e73b8afb
- SHA1
  
  38b63ea322bd5f9b5ca14046a42f7ee25cf357d1
- SHA256
  
  2d4b4f73706eb3753f57ecf1e83e4ae68b8c07c72fe64a2aa2b0d80e5f64b7b3
- SHA512
  
  ef2f552f5216775aae85ac0835a7eb34498825e64961eb614a6728f76eaaef3e4ae36a847d0f7cfc30cce1b5c03e1521de93e1801db0a171dafbfbd73be66c20
- SSDEEP
  
  384:SRhpw3Mv1HS3DDAdLuFio8g7d0ORZp/mC3OTKuW5ik:SRwcNyzEdLuQg7fRZp/mC3OTKuW5
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/dev60cgi/36.opends60.dll
- Size
  
  43B
- MD5
  
  3510e1a551a657442115b9e84e0d39c5
- SHA1
  
  e6ec919a91a257701a6e1546c3c30175434b6508
- SHA256
  
  ba56d29628c2ecf5ed376a0aebfd32ce186530338e5ca8f863a224e9d3e5f77e
- SHA512
  
  a872b5d0732eb993b7197593920b69ac073fd1107f3fb42b09e8ef6ec3bea436df7459f17b352c2ba2280c91ea9d1eb80802a874305faed789bc93a82cf4a60b
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/dev60cgi/CrystalKeyCodeLib.dll
- Size
  
  19KB
- MD5
  
  928835929db4948327ff441ecab0a955
- SHA1
  
  08395f41b26fbe6b6edcbb79d46d17851116655a
- SHA256
  
  70126b03f9b802072c8ddba80dfc30e1dba9612083a07b8cd78157cf21bf7d80
- SHA512
  
  aaef454520346ee05e1c99eafee1719caa91e9f14b3a07b06a0164dc6a62f5fc7b9a6498e43d8fc9ab4f8cd7514b6083b24fcf161c8f5dfabd1d3143144e1477
- SSDEEP
  
  192:DmZpKceuZu+2K2oTXFh//j2nygVYYpuGmUIAdzJF8eSDMFuiKIG6QjKEepYQy:iZAyJ//j2ygduGmlAdzJF8eSQKIG6xi
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/dev60cgi/DesktopDMA.dll
- Size
  
  37KB
- MD5
  
  e691a8240cedbd2f4bd39d5748cecb2e
- SHA1
  
  823905682a9f3e025a414d7c51d401ed42578e6c
- SHA256
  
  2cb13006977f70303a309554f14d70f9b7adfb46fa0fd630ec0da1dc74ed765f
- SHA512
  
  d050e88728de6b9f90c2929b671e89bdf167c3ff89ad5d207f99696ad4e71c8b32cd988741656fc048fa49656806807043875c9792c1b6b7d809fb5da87f3143
- SSDEEP
  
  768:XkQ9kolKftV1jlPK/W+/GHBdwYXRRlBhuUNiNjUJr6vD83W/:zkolK1VXZBhuAiNol48m/
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/dev60cgi/MicrosoftVisualStudioVSHelp.dll
- Size
  
  11KB
- MD5
  
  3aca803a026087f4eb2958ef80fc0ee4
- SHA1
  
  b21628cc44b80b8ea79d14b3aa133861220433c8
- SHA256
  
  6472fc3c93342096ac77186a55e9fe5c9302fd72dbdaae0e667d26b736495652
- SHA512
  
  0e22f7547463d1249003fb8ce7d943f0eb0db0f83e18bafd5f6208d0a64cfcc70ae81ffe71433ff360319b934849c2d3428ba2bdf66fe25142a25959767e8346
- SSDEEP
  
  192:EM3S3GHkLPfg5ZkdfSkmAOF+Be5DAHTlwk4E+2A5RiNfAfkFjIxYvsaJTWFWW:EM3SZfaS0kmAOMB+DAasL4RQEYkaRWFv
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22