formbook

General

Target

ae99103e5ce4607dceddd757d78538df_JaffaCakes118
Size

268KB
Sample

240820-kwl63sxbrj
MD5

ae99103e5ce4607dceddd757d78538df
SHA1

1bba604a228afa3acff5d06f3e2b4b1f9b833d85
SHA256

93e98542a60cdc289195a75af47998995b83a01c880a9647d1171be104ab970b
SHA512

df6c0078fccd05b60ab46a9b26d2761ea3290500bd1f611678ea9a3e2cfdd7064a44b1f4ec3f95e2ec2e82d6253c733bc8ff9904b21558770335f45e16868a1a
SSDEEP

6144:blRikI9uFJXo1hCoKJ3c9eWhWzlFF2Yl:JHI9ujXohCoWM9eoWz/FD

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.6

Campaign

ch24

Decoy

rrd-wbd.com

astonherencia.com

socialsurveymaker.com

ofthefamily.net

hiza.ltd

xygczs.com

bjxeb.net

equifaxsecurikty2017.com

rongxiangmifeng.com

atelierbunnybunny.com

xn--fiq316n.com

creativsec.com

miaspiro.com

fantasi.info

donworrycredit.com

mistyroads.com

sxjhyy.com

lullv.info

squarewaycall.net

vshark.net

Targets

- Target
  
  ae99103e5ce4607dceddd757d78538df_JaffaCakes118
- Size
  
  268KB
- MD5
  
  ae99103e5ce4607dceddd757d78538df
- SHA1
  
  1bba604a228afa3acff5d06f3e2b4b1f9b833d85
- SHA256
  
  93e98542a60cdc289195a75af47998995b83a01c880a9647d1171be104ab970b
- SHA512
  
  df6c0078fccd05b60ab46a9b26d2761ea3290500bd1f611678ea9a3e2cfdd7064a44b1f4ec3f95e2ec2e82d6253c733bc8ff9904b21558770335f45e16868a1a
- SSDEEP
  
  6144:blRikI9uFJXo1hCoKJ3c9eWhWzlFF2Yl:JHI9ujXohCoWM9eoWz/FD
Score

10^/10

formbook ch24 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2