formbook

General

Target

abc88cd99d4e6bc7948a250df62e55b3_JaffaCakes118
Size

468KB
Sample

240819-t8fdqsyenk
MD5

abc88cd99d4e6bc7948a250df62e55b3
SHA1

58879613caf647f5a8f2feb35317994431453fb5
SHA256

565a7f6a3dd3f57f948caf481417687eb0140373064502c8293bd103d5a469ef
SHA512

ad27e018104a2e8a9a1c2cba4aea2df89168095d1c19e4a42249cafca1ef84ffd44649b6ac0fd9935d3aec3e5e2450dd50fb274b7a628f61a22abe4c0ebe0422
SSDEEP

12288:3PxHNswP3Nh25brrNXoI+deyHuaOATlleEFbBiqWX04oQyQh:fxXlh25breI+EyHuapTlpnizXTh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t052

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com

Targets

- Target
  
  Credit Card & Booking details.exe
- Size
  
  1.0MB
- MD5
  
  27db728c69c96de67c4ad3863abe33a9
- SHA1
  
  5786e68382eb6eec432ca8a3109f61242b4c03d0
- SHA256
  
  9e38c0c3c516583da526016c4c6a671c53333d3d156562717db79eac63587522
- SHA512
  
  696100874eb5c1e65b81fd704afcae455c0f1d9a896d6050d4f35a7873e921348386c59ed8494fc48aed95bb8390f37026079de7039e2776646aaae4e7844cd2
- SSDEEP
  
  6144:TV9VhXLMjb8MUYTygw2CMgAHVoKStnCX7QyKGk8Pu5rcyOREjCGcMdRoYfTgvzzg:erhStC4Gwe1nMdRoYf7rTmeh6ZMGka9
Score

10^/10

formbook t052 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2