formbook

General

Target

985e4c889da12e9febeb1820d1b6efb4_JaffaCakes118
Size

482KB
Sample

240815-bgg45s1erp
MD5

985e4c889da12e9febeb1820d1b6efb4
SHA1

92b1a2aaaa5b61af8d711a57ad825288ca7ff1ca
SHA256

47c2f15af8f1e4daa69e815e7eea1e44b7b54d708efdf32508ddb461c27626c5
SHA512

c45e9277a727f412f8cd56531fc294d3e0f897109bb673b3f45536a4220b0c35d393c4134fdb1ea42de8b488cd92bc7f42b2670550fcd4d9b7352c1ce1def8d1
SSDEEP

12288:jkQwyvj6eOvKrs0xCQj7KQIU8aelAjrd9TUkevuc7+xVnr8:j5v+emAhcYFIUzbdevuZ98

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tmo

Decoy

myplace.design

geersa.info

rhysbdowning.com

pandorainiciatives.com

affiliate-beginning-gently.com

anitcruiserun.live

xn--6kr11w.com

everhopeimaging.com

drmdb.com

regen.media

ibizacarobcompany.com

keramikstubeboehme.info

bleedingwords.com

potbringer.com

opposingavatars.com

ljubljana-city.com

saltsmangarcia.com

5551071.com

thelawofficeofrkeithbrown.com

fukugyou-style.com

Targets

- Target
  
  Payment_Advice.exe
- Size
  
  815KB
- MD5
  
  05a028bf7e8b4118a97a57552fc4ba0c
- SHA1
  
  9e71f8d3fd4bddb603c4c1803c867cade9be7a83
- SHA256
  
  8d692269e00163075c2d1bdeea0d8fe0ebb06c791233f692fa76e766095ec3ad
- SHA512
  
  df27cb22cbd3ee8faa970ce11217ac408c5e91e6cb4f81ad9f50b520cdebc216fee99ac022c41db449981ceadf5fdd4516b536641dbaf5a291125053b484a867
- SSDEEP
  
  12288:PYHdm1fBr+IwICEMytGbPGcbXDbE1Qla6RgVcP/7kvDxul+arudZt7dLBU37eimx:PyAiIlCPtfIv9XTp9Be7OqX5y6
Score

10^/10

formbook tmo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2