formbook

General

Target

71855311af9db1549bd4f9a580196a57_JaffaCakes118
Size

1.2MB
Sample

240725-2jfxzayhlj
MD5

71855311af9db1549bd4f9a580196a57
SHA1

b0f2f9c5a5d463118e27751acba702d16850f8c5
SHA256

b26d7f1c78311fe2e149042bbfeb9b14781de9e7dfd3bcb1e78ec540fe316ad6
SHA512

0f1dea1769f4000965301f269a54c2fc2be7c275abc98211169c384a9a3260d71601245595f608c6d2d761127899ab291c5648d91af7fc86b86d8a22e2f7d6ed
SSDEEP

6144:vbhdbMroO/lGquzY2ZmmjrmQGnHpnP6aupTzqfU0IgDKTTVz6TRvdqs0QC+VkTfW:zbMrQHzY2ZDgR6aKiIgDQVyYAkTfg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

Decoy

oceanprimesanfrancisco.com

dk-tnc.com

sodangwang.com

abrat-ed.com

dusubiqiqijem.xyz

getsup.online

homeneto.com

shose8.com

tronlane.com

nidowicosasod.xyz

independienteatleticclub.com

pca-winschool.com

realbadnastystories.site

bluevioletfloral.com

simplifiedpeacepodcast.com

abcfreediving.com

theyardbunny.com

holoique.com

ibkr1325.com

tjnfioou.xyz

Targets

- Target
  
  PO#A91641-MSKU9953077.exe
- Size
  
  428KB
- MD5
  
  5ccd1492d563b11ffdfd66d51aa370b5
- SHA1
  
  3a7441cb83f5ca0732e8826f164c087b077a69a5
- SHA256
  
  e777d588f24e21fdcc3add6de5b93d5fb498b594a59f03d02b5a7880bc5d5180
- SHA512
  
  11625c6391526fd798ed1d22b8df9a5278241b4b2ec0e37d1d8493ef5a7f1fad4f4d850c67713a431d38739a43d5b7e88394dc039de49ae986e7b215be2f5444
- SSDEEP
  
  6144:cbhdbMroO/lGquzY2ZmmjrmQGnHpnP6aupTzqfU0IgDKTTVz6TRvdqs0QC+VkTfW:IbMrQHzY2ZDgR6aKiIgDQVyYAkTfg
Score

10^/10

formbook ergs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2