formbook

General

Target

850cc1c75063ca92d970aa3013a3402c_JaffaCakes118
Size

268KB
Sample

240810-gvs2fsycql
MD5

850cc1c75063ca92d970aa3013a3402c
SHA1

6a4056de057bb0c797fb81d239080376489c6d19
SHA256

f018d2a3fed9a8a2a93aa145a931d71e7a3ccb400f8c6c4bd9767584ee15f18f
SHA512

41433d8c8d8ab64aa31c7f32d67e2f35d491b67d718a308b5b58c599689d634696b5f6f0b4093e68e65a5899e2c0046b6d8bc24684f40f92f99f5f3fcf252a48
SSDEEP

6144:3c+h6TZfrgYGczjWRc3UXEkc6RIgTXDuJiAW589RyI+i:1qMYZW3jcGIMXCJ5W5qER

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.7

Campaign

ch22

Decoy

zexiyikang.com

diniharidinar.com

mgiuj.com

marunoco.com

webdownloadmanager.com

jiachuangkegongmao.com

markoemosy.online

coreroles.com

victoryautoserviice.com

jlsichuang.com

lllgxu.info

webdesignexperts.today

escolajaumevicensvives.cat

libbeyiran.com

musikanlage-vergleich.online

partners4solutions.com

makrobet529.com

entenmanns120birthday.com

jianyelvcai.com

deltaschilders.com

Targets

- Target
  
  850cc1c75063ca92d970aa3013a3402c_JaffaCakes118
- Size
  
  268KB
- MD5
  
  850cc1c75063ca92d970aa3013a3402c
- SHA1
  
  6a4056de057bb0c797fb81d239080376489c6d19
- SHA256
  
  f018d2a3fed9a8a2a93aa145a931d71e7a3ccb400f8c6c4bd9767584ee15f18f
- SHA512
  
  41433d8c8d8ab64aa31c7f32d67e2f35d491b67d718a308b5b58c599689d634696b5f6f0b4093e68e65a5899e2c0046b6d8bc24684f40f92f99f5f3fcf252a48
- SSDEEP
  
  6144:3c+h6TZfrgYGczjWRc3UXEkc6RIgTXDuJiAW589RyI+i:1qMYZW3jcGIMXCJ5W5qER
Score

10^/10

formbook ch22 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2