formbook

General

Target

38694cf4cf60fc8408f11b40e2e62338_JaffaCakes118
Size

737KB
Sample

240729-e6f5xstcjk
MD5

38694cf4cf60fc8408f11b40e2e62338
SHA1

e42b57f70784715d37794ec05cc0da6ff356345c
SHA256

2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
SHA512

fdb9cc5ff5a872bc9f383d06582a726652b4a2ce491bc1482bcf6e1808950835d57144061ee68b73a917db660f8aaaa381d4e6dc1657e69e5dca4d32d7648657
SSDEEP

12288:uwPp+fGL0Yjn2fdWVdzFXTjjmOuWktOtZf92UbWfTfy3IuO6oVizLIbZKY3Jjcxt:uwguHj2fdWnzFXT3mOdt3paglIK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bnc

Decoy

iseoguide.com

rogerellisonline.com

thephonelenses.com

reddystone.com

explorehokianga.com

miaflcio.vote

baonihaochi.com

thewiseengineer.com

exciplexinc.com

luewaeeqaredre.com

atharvatechnologysolutions.com

vnsr1234.com

nationswines.com

toaglobalcc.com

texasbusrental.com

sailfishingcostarica.com

superbuy.today

mode-paradox.com

soperlz.xyz

filterdance.com

Targets

- Target
  
  38694cf4cf60fc8408f11b40e2e62338_JaffaCakes118
- Size
  
  737KB
- MD5
  
  38694cf4cf60fc8408f11b40e2e62338
- SHA1
  
  e42b57f70784715d37794ec05cc0da6ff356345c
- SHA256
  
  2c5f5dbeb72dc0832f94f4ad3bfe984ac1e8a9dd6b64a4335394cfc16ee00a6a
- SHA512
  
  fdb9cc5ff5a872bc9f383d06582a726652b4a2ce491bc1482bcf6e1808950835d57144061ee68b73a917db660f8aaaa381d4e6dc1657e69e5dca4d32d7648657
- SSDEEP
  
  12288:uwPp+fGL0Yjn2fdWVdzFXTjjmOuWktOtZf92UbWfTfy3IuO6oVizLIbZKY3Jjcxt:uwguHj2fdWnzFXT3mOdt3paglIK
Score

10^/10

formbook bnc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2