formbook

General

Target

2afa0d8b9349ba770f5c4e5e0cda5bd0_JaffaCakes118
Size

260KB
Sample

240728-3h4hba1dqj
MD5

2afa0d8b9349ba770f5c4e5e0cda5bd0
SHA1

a1cd46219893137d02b305f94e3cec4b0777bac8
SHA256

5ee4f7e9fcc0ef5a0887440ff8139d4c3bfb49a64f68592c56b62f53c1149bef
SHA512

38774f27f6107681c082560675ad737693423bb07c688bbf146acf082504f85f954a796c984c7da51d72646f8f736719bb04700e2ca4caa36247ff0461363ec9
SSDEEP

6144:ybsEo93GOOKon+dvQMYy8q2C/w8JPSVk107:DE4GOE+5Qf82kWk

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.2

Campaign

ch9

Decoy

pardalisblue.com

namudoma.net

unipplies.net

xn--ces255ag5ao92a1q1a.com

hotfreenursingbest.online

infinitymatters.com

y0b15h68sqf.com

sparepartmanuals.net

catchupcuteness.com

vcprrbtj.com

hmtfwr.com

bloomsburybabies.com

tryhrd.com

wriek.com

qunyinghuiyl.com

hatchetdev.com

packforisrael.com

uvv8.com

121nsq.info

kendallmckee.com

Targets

- Target
  
  2afa0d8b9349ba770f5c4e5e0cda5bd0_JaffaCakes118
- Size
  
  260KB
- MD5
  
  2afa0d8b9349ba770f5c4e5e0cda5bd0
- SHA1
  
  a1cd46219893137d02b305f94e3cec4b0777bac8
- SHA256
  
  5ee4f7e9fcc0ef5a0887440ff8139d4c3bfb49a64f68592c56b62f53c1149bef
- SHA512
  
  38774f27f6107681c082560675ad737693423bb07c688bbf146acf082504f85f954a796c984c7da51d72646f8f736719bb04700e2ca4caa36247ff0461363ec9
- SSDEEP
  
  6144:ybsEo93GOOKon+dvQMYy8q2C/w8JPSVk107:DE4GOE+5Qf82kWk
Score

10^/10

formbook ch9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2