formbook

General

Target

4b21b233b4fb9b116477fb24cdd8e376_JaffaCakes118
Size

463KB
Sample

240729-rg619s1hqm
MD5

4b21b233b4fb9b116477fb24cdd8e376
SHA1

8e88400d1292aac8462b0413e039fd16a95112cd
SHA256

2f074d479236e1b4b36733f1e071d6c053a135025cbc62ccc233776b23604390
SHA512

a0d1871e551fc1cd45e7bc8e05841a79aa8e59743425a56a66ee3bb8e68c55dcaa395bd33f5a5eb4629f97c80a428055b966ad0af1c471742764c79b6de3e19e
SSDEEP

6144:R5iXq4NYHjLS1hxsvAwC0LhvBb4f5YghFZByCgWfF5fJloa:2x2HUhuvj8fBZBzv5fo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a43

Decoy

lanaztouch.com

gse-global-p.com

seniorcareconsultant.info

jmstodocasero.com

deyigule.com

flourishmouth.com

morgantownspiritwear.com

edyscleaning.com

simplifyhydro.com

global-water-solution.com

associacaocasafraterna.com

violindna.com

scvipl.com

secure1advancedemedia.com

bcroadside.com

bllccoffee.com

anodesigns.com

ms00852.com

privatecomfortinghands.com

how2adult101.com

Targets

- Target
  
  4b21b233b4fb9b116477fb24cdd8e376_JaffaCakes118
- Size
  
  463KB
- MD5
  
  4b21b233b4fb9b116477fb24cdd8e376
- SHA1
  
  8e88400d1292aac8462b0413e039fd16a95112cd
- SHA256
  
  2f074d479236e1b4b36733f1e071d6c053a135025cbc62ccc233776b23604390
- SHA512
  
  a0d1871e551fc1cd45e7bc8e05841a79aa8e59743425a56a66ee3bb8e68c55dcaa395bd33f5a5eb4629f97c80a428055b966ad0af1c471742764c79b6de3e19e
- SSDEEP
  
  6144:R5iXq4NYHjLS1hxsvAwC0LhvBb4f5YghFZByCgWfF5fJloa:2x2HUhuvj8fBZBzv5fo
Score

10^/10

formbook a43 defense_evasion discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- System Binary Proxy Execution: InstallUtil
  Abuse InstallUtil to proxy execution of malicious code.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

1

T1218

InstallUtil

1

T1218.004

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

System Binary Proxy Execution: InstallUtil

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2