formbook

General

Target

aca9506befd5d3cebd9744727c95f19f_JaffaCakes118
Size

260KB
Sample

240819-1dk43awhpf
MD5

aca9506befd5d3cebd9744727c95f19f
SHA1

b49ae32e4d165ce72965a1173717d23a8a68a16b
SHA256

fa808c78e722a6b3dc9702e455a296fd0b9ada3b049a8e2d5340ad76d3727f61
SHA512

5b387c4678d88590d49f46ecd60870d5739fb243dba7ebbd429b920d8e04e6bc84ff494bf868acbc02f50793e419ba64f0e9a401bb078707784e3307aab697fb
SSDEEP

6144:CaJsnTdMmLSJ/ChJjNwHXGny6nKNyB2jkRq8efYbxF5Lt1J0:/GdMnJ/KKXKpnky2iHewF5Ld

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.2

Campaign

ch8

Decoy

52hiphop.com

goldenraintrading.com

ggdbshoes.store

mysucculentkitchen.com

p-d-d.com

wcsg2018.com

bbb544.com

mybaribox.com

primeroconsalud.com

tildeconilatina.com

pb20000.com

anittreppenlifthilfeok.live

ginebracero.com

dgdgdsgdsgdsgsdgdsg2.com

ymqtq.com

gz1024.info

brandonwalker.info

vast-solutionsmail.com

knightgrandmaster.online

happybwords.com

Targets

- Target
  
  aca9506befd5d3cebd9744727c95f19f_JaffaCakes118
- Size
  
  260KB
- MD5
  
  aca9506befd5d3cebd9744727c95f19f
- SHA1
  
  b49ae32e4d165ce72965a1173717d23a8a68a16b
- SHA256
  
  fa808c78e722a6b3dc9702e455a296fd0b9ada3b049a8e2d5340ad76d3727f61
- SHA512
  
  5b387c4678d88590d49f46ecd60870d5739fb243dba7ebbd429b920d8e04e6bc84ff494bf868acbc02f50793e419ba64f0e9a401bb078707784e3307aab697fb
- SSDEEP
  
  6144:CaJsnTdMmLSJ/ChJjNwHXGny6nKNyB2jkRq8efYbxF5Lt1J0:/GdMnJ/KKXKpnky2iHewF5Ld
Score

10^/10

formbook ch8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2