formbook

Sharing

Copy URL

Twitter E-mail

General

Target

677b6b5e69dcae8f3b221d461f3c3127_JaffaCakes118
Size

342KB
Sample

240729-3jg1pswepk
MD5

677b6b5e69dcae8f3b221d461f3c3127
SHA1

d790c479aa6b5a82878b32bf66cb5f11c96033a4
SHA256

f663a4ad9cc36251114439048169dca1ecd66ce8332eff691133ce718ea4d6ec
SHA512

9e41936a35c02d8b98f0e501457b78e1e2564ef0b67b5f399fa172bc7f0bd55ad05be694c3284eca17a400d5d0d2854ca915a1b4622a4cacfbb837541b45a875
SSDEEP

6144:VLhPq7Wszyji6D1yPXaRvmluRKb6wZdKbG8x+4gXB9dbLlRlTpdV6GMe3L7awnxT:3q7WuyByo22wZdKyAMXdbn1PV6GMe3Lp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xla

Decoy

v-jig.com

uniplaceservices.com

yolovely.com

demonoscarclub.com

jayanthallumalla.com

ngonclub.biz

mckendreedesign.com

acesandeightsdj.info

740manbetx.com

yiwulewo.com

wcc.ink

fkkha.info

btnij.com

pharmacyinfinitedata.com

marakez.online

sgpcrm.com

archive-fast-quick.date

akproductionstudio.studio

bfbrjgw.com

fjshuguan.com

Targets

- Target
  
  EPDA - MT ALPHA MARINE.exe
- Size
  
  362KB
- MD5
  
  a235c71c9675b191d6ca449b905501c6
- SHA1
  
  b0bf8fde00073a0dc5e91416223907954065b250
- SHA256
  
  d789a675b16eca7a3d78fffd03d6dfc18a396d6eac4da2472b99700ff1cb09c7
- SHA512
  
  e24c60be0a58ef0f7ee8413aa245a7752e5a2c8159c571946fad1a6144b8404e003c21801dc4bbc56b8ff91377a87e6e894c5082b612f974bcb3de4d91d3887d
- SSDEEP
  
  6144:LPCganNe8wDejU1TWATT5MLgCH6NFafy8/0zh2IfyPI3CcoGkEoQAgjITMZyoECP:5anUtDJxuLgNNF4CVDDoUTjITM8oEP8d
Score

10^/10

formbook xla discovery rat spyware stealer trojan credential_access
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Formbook payload
  rat
behavioral1 behavioral2
- Target
  
  $APPDATA/Events/2.COMServerPS.dll
- Size
  
  255B
- MD5
  
  a70320ad70935b0d2d911b713eea96de
- SHA1
  
  fd36907943b3be06618345be2b89e83d490f4b7f
- SHA256
  
  f9761d7f119080fbe0dbce4b765dc2c9a4258d83b3c21ebe01944d966133a98f
- SHA512
  
  4465983562d155063989421421a6476e9af0ddd003da8e766489ab6f9af140cf79a81fcf1861e57ec0df6e11d18211a95a4e3547cd7e2bf3e2f2f27cf3f2ec20
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/Events/41.opends60.dll
- Size
  
  42B
- MD5
  
  73236985ff3c5345a28ab783c574536e
- SHA1
  
  c0a7e93cae1682dc8f9b13b406d0df885e04ede0
- SHA256
  
  879a60d28d86c2bec56fcb54fddfa6c44ff5635e9df23fcd4c8d2afa98cc498b
- SHA512
  
  3ce299799b89706ac1091df50d624e5988ab2be1ffe62e712e3378957b9a9c5c27db17a7d1da4ab44dc3250199da6cb5b1ab595291f907fdb364a366206403c3
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/Events/82.opends60.dll
- Size
  
  47B
- MD5
  
  bc9fb1acab850f6846e7fa8317fa6df5
- SHA1
  
  7a19bb0e00897720c95ab154e1edac4ce76fe56a
- SHA256
  
  83c170104e38c71588f78a416a2593873313b0bc54e230e7069ff451677745b1
- SHA512
  
  74bd3158e389ed6e21ebb8307ca4c11aa1a317885df36d9ec2531d1ef118f1680f461293b10c6ca6f77f7e0c3e924bbaac44c1c31f0a2fef143339270d0f5aac
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/Events/Interop.BankObjectsLib.dll
- Size
  
  4KB
- MD5
  
  387db427480ce4a8fc3ca2c032161e6e
- SHA1
  
  a4e592969ff9cc0192dcddee4e6573bd401d06d8
- SHA256
  
  ee26756169d57e6bf51bcf2ddc978ace6bcdb940f3d3f5691aff3860040ab410
- SHA512
  
  2fc3b0cdadb926ed2c51ab3affe7be6da9fb05910dab41876e5aed5e815b0aa41f0af3f3ff721d4ce78075fc41c71a347efd5d4a8e49ffa4954c26d9ec6480dd
Score

1^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/Events/MicrosoftVisualStudioVCProject.dll
- Size
  
  12KB
- MD5
  
  764476d7dd24d9985094b893703c286f
- SHA1
  
  5457c9241b5c6d5c75ba0d658d7eee9771e2e9df
- SHA256
  
  f495e676a55360c516c6c57e20b5839007ac25379b992ec33afcb36e3a5de6ad
- SHA512
  
  6fdaea500aa4d357a086149772f9e493bde963c94074c01d0797ac0e4c8ce3a50e30a59f0cdc9f162b0b514deed5d2638ad2896afb2e856dfdbbf650c3d1978c
- SSDEEP
  
  192:HuNyzZuu7Ykg2TTv4Sy9PlgV4gViTBUGbLJ37gmEXGk3y6BxtWr89WN:Hhsk9TESoXgViTBUG537sXx3y6LtWI9W
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/Events/MicrosoftVisualStudioVSHelp.dll
- Size
  
  11KB
- MD5
  
  3aca803a026087f4eb2958ef80fc0ee4
- SHA1
  
  b21628cc44b80b8ea79d14b3aa133861220433c8
- SHA256
  
  6472fc3c93342096ac77186a55e9fe5c9302fd72dbdaae0e667d26b736495652
- SHA512
  
  0e22f7547463d1249003fb8ce7d943f0eb0db0f83e18bafd5f6208d0a64cfcc70ae81ffe71433ff360319b934849c2d3428ba2bdf66fe25142a25959767e8346
- SSDEEP
  
  192:EM3S3GHkLPfg5ZkdfSkmAOF+Be5DAHTlwk4E+2A5RiNfAfkFjIxYvsaJTWFWW:EM3SZfaS0kmAOMB+DAasL4RQEYkaRWFv
Score

1^/10
behavioral13 behavioral14
- Target
  
  $APPDATA/Events/rcxdti.dll
- Size
  
  22KB
- MD5
  
  fb3d66763efcbf71d78b8579e63d4474
- SHA1
  
  df9bd7a013a629971da1c54fbccdd3f855ddc3e1
- SHA256
  
  07afa049c7c2adddf3294d814b830fa4d6acfbb0f133cfb5931a227745c28c38
- SHA512
  
  b6ba1da14f05dc72235bceb27133e9ef0802f13d4cdbce57b88609b02d86d5a477b7565c8f3338d5fe3b5fe92a996c7e2b36ed1233778485487ca147b2df1503
- SSDEEP
  
  384:JpGM/u8no5kLDJMauKTIllgZQekeox8tjQggrTbIOtnO6GRWU3WOdeT:JMou8noG6FmJQNJxaAPbIOtiBJ
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $APPDATA/Events/sbsmscorrc.dll
- Size
  
  5KB
- MD5
  
  a77e63ae0ad0e0e843ceb1850bcac032
- SHA1
  
  ddac5381e3cf0e1ad5a379a597482ce13e2bb5fb
- SHA256
  
  ab9539aed6789672d6be75849fbed12af55536af651848ec5fff4b4082238da7
- SHA512
  
  99b505b42c472cc8dbfd58ab3bfdf6c7149c4206ec237c20be68cb95120a8a4367304de8dfd60ddfaea0fb58868d3c438dd31d405b85dc67a03eb6da97e2471a
- SSDEEP
  
  48:C0ytDmx48zljSffOuE4PYrR18gFN3oTNFlIMbVLo5KZWNHWHlSEIBSP75O5WWr/:7ytDij6mu7gJpONBRLxWt0YEIBg7AWY
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMP/Selfsupport.dll
- Size
  
  18KB
- MD5
  
  50de2e131866324be8cc223b161a3f1a
- SHA1
  
  a3333c5982d50aa729f1d0c0768b06f811ec3fe5
- SHA256
  
  f9000f92fd7830c61c8c9ac035c47544b678a78c9b90125a922087bc86d1dab2
- SHA512
  
  776a8789508153881b3050e5cbcdbcc507f06dde646a65c65b5bc40857ac8757100002d329f28467d5e79ab1986aefbd3d0968a9136b5efece4246766fea251a
- SSDEEP
  
  384:pWbIw8TWWkuqkg7d0ORZp/mC3OTKuW5jlMrC:Qsw8yWkuqkg7fRZp/mC3OTKuW5jWr
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Formbook payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20