formbook

General

Target

b2d6c87e102168862ce088a9a3d080da_JaffaCakes118
Size

744KB
Sample

240821-kt4ncatckj
MD5

b2d6c87e102168862ce088a9a3d080da
SHA1

ffc51cda99bc409c8357eafd3e808984d498751b
SHA256

87ecddb8a02dae9f7c5b58e881eca264a6182407c40fd74b644365cad41d40b3
SHA512

15ff1083e4fe6374bdb8824f03ad82f2104829859790a613c761d3198c457cf2650ca0cd6710371e938af481cb33348b904c098abb68659819bc8c3a8489f4f4
SSDEEP

12288:61eRRAfxCIUnyNOI/SN/HWQZUpNRnpU5xNIyLoZIBEF0Czpf:8iRO8nyNOI0u7dngNBoZoXyp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mro

Decoy

lafemmebride.com

juqms.info

pagoverment.com

wronger.store

stir-studio.com

hodsonsfolly.com

hydrogenic.net

curasept.store

gas-turbine-training.com

drone-surveying.online

stablecoinusd.net

nahayatnegar.net

bullseyehealthy.com

cantinhodosabor.net

scovax.com

alexandrialistings.com

honeyflames.com

thesuccessjourneycoach.net

maputienda.com

skyandi.online

Targets

- Target
  
  b2d6c87e102168862ce088a9a3d080da_JaffaCakes118
- Size
  
  744KB
- MD5
  
  b2d6c87e102168862ce088a9a3d080da
- SHA1
  
  ffc51cda99bc409c8357eafd3e808984d498751b
- SHA256
  
  87ecddb8a02dae9f7c5b58e881eca264a6182407c40fd74b644365cad41d40b3
- SHA512
  
  15ff1083e4fe6374bdb8824f03ad82f2104829859790a613c761d3198c457cf2650ca0cd6710371e938af481cb33348b904c098abb68659819bc8c3a8489f4f4
- SSDEEP
  
  12288:61eRRAfxCIUnyNOI/SN/HWQZUpNRnpU5xNIyLoZIBEF0Czpf:8iRO8nyNOI0u7dngNBoZoXyp
Score

10^/10

formbook mro discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2