formbook

General

Target

8ff88d4f8b70eee8fc6c69c669074cb4_JaffaCakes118
Size

700KB
Sample

240812-x1tg6swakr
MD5

8ff88d4f8b70eee8fc6c69c669074cb4
SHA1

18a998ddaf87c1e3be65c3f2c743b8d85278276d
SHA256

418c91165a110d4877cb2932db456e37715dd6ea494712bb6cebd009eb090727
SHA512

acca72689d62837947a3326bef910651222a35b155b6f57c02f5b2e7bce6ba08e307fb19870f38831dbbed15b88126bb9884ca07e8b2a11e8a5c92e3ae6ed3d9
SSDEEP

12288:SvJ08jSJ7Y9cTcKeunEuLGHL43BNur0MdhM1dL6tNHvq5S+:Sv5jSJ6m1ufdaW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dgn

Decoy

eco-memo.com

giddyn.com

canlearnfree.com

hollistehu.com

scottfoster.site

bhaswanth.com

788wang.com

forwardcraftandcoffee.com

quietrevolutionproject.com

bestventuramalestrippers.com

eckocode.com

essentialbuildersfl.com

duotaoduojing.com

bg3222.com

gadabhima.com

sciencedrivenworld.com

obstutorial.com

melbourneetchingsupplies.com

bigias.com

watdomenren23.net

Targets

- Target
  
  8ff88d4f8b70eee8fc6c69c669074cb4_JaffaCakes118
- Size
  
  700KB
- MD5
  
  8ff88d4f8b70eee8fc6c69c669074cb4
- SHA1
  
  18a998ddaf87c1e3be65c3f2c743b8d85278276d
- SHA256
  
  418c91165a110d4877cb2932db456e37715dd6ea494712bb6cebd009eb090727
- SHA512
  
  acca72689d62837947a3326bef910651222a35b155b6f57c02f5b2e7bce6ba08e307fb19870f38831dbbed15b88126bb9884ca07e8b2a11e8a5c92e3ae6ed3d9
- SSDEEP
  
  12288:SvJ08jSJ7Y9cTcKeunEuLGHL43BNur0MdhM1dL6tNHvq5S+:Sv5jSJ6m1ufdaW
Score

10^/10

formbook dgn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2