formbook

General

Target

8633c9faffe606b47606f62f63d160e8_JaffaCakes118
Size

354KB
Sample

240810-qjn3ssvfph
MD5

8633c9faffe606b47606f62f63d160e8
SHA1

f6083d7a8d967d7e6298150b789690fbd81911e7
SHA256

fbc2dcb6615f34cd3518733f34ce939dcf3bb576a5464022977e62e7480480e4
SHA512

e4b2f80db2a9723f258d9a3875affbbca9aafb4d5506855be4dd56c0df2a8399eef5b84c20ea68cbc758237e6a6fdb91bd6a114653c1a636d20a0ccad39611c5
SSDEEP

6144:kHfkCBobZSvnQ6GnKZTwPXFDZ5FhkNyCxsstPaAUYt6Bzpf7L/ShLS+pPHBTB/cU:k/ZBo0n/ZTu1DBhkNJDPjUgmzpzL/ShT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cmg

Decoy

bestessentialcare.com

lemonguild.com

veronabling.com

omvzshop.com

austingutterrepair.com

noracbn.com

shizukis.com

keatingfreelanceservice.com

teamtobook.com

mqcsegurosyfinanzas.com

t-chou-pino-v.com

yuyunst.com

ctlaltignite.com

zinaidaphoto.com

ag-gis.com

hdollars.net

usa-zuche.com

opexsoftwaresupport.com

kaizenseed.com

thejoyshare.com

Targets

- Target
  
  BKG#339LN2035492.exe
- Size
  
  428KB
- MD5
  
  fc9a7d91c44b35ac45235cbd428d5f71
- SHA1
  
  3a2306041f07ac63b24375f2393cdcaae4a9aff2
- SHA256
  
  10a9aab39489aa507d35bb18b357ca6c9f8642d8fa27fc1ad9c7de03c8e9415d
- SHA512
  
  d235cd67e1e74675a1adaeffc89df82b2314dcb0d8f67887a9b9b0d14e9f3a0bd5c6c3df47ed08e6ab7f5de879be32b8434aa1843647b911629018db1312bdfc
- SSDEEP
  
  12288:QnOLBomnNZTudDLhkNbjPNUg6zhDn1ShWOi:QnkymnN6SNXWg6z91AWOi
Score

10^/10

formbook cmg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2