formbook

General

Target

b6a71f32c73d5392dc3dcf5ebfd9f11a_JaffaCakes118
Size

340KB
Sample

240822-g6gskasgka
MD5

b6a71f32c73d5392dc3dcf5ebfd9f11a
SHA1

82af158a9984597cfb71570ff87f52421e1b0d2c
SHA256

6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
SHA512

aa6b1bc9ff70689c0740683c0858a48b348c4d9f018c3ca11745dcb74480efb89b89dc002159576cd0c461ff9b2de320729a3a40f984a83a8698a4e99d4f959b
SSDEEP

6144:D3yaVwC1pYMTJCTmjd3M3YqUoqNgtDK5BGN1BOpF1d8EWkFRTlV1erRSaYv0P3:bVwMmgJEmjd4/UoqNggDGNaFGEWO1edH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c239

Decoy

shareourjesus.com

lavictoriaesdetodos.com

helpfulproductions.com

waggonerplastics.com

skipouya.com

everyoneshoroscope.com

winterstokeview.com

gutsyhomemakers.com

redstatesdigital.com

themacmeliusshow.com

beautybarnantucket.com

wearetwo-a.com

thenutritionessentialist.com

tapsiwadhwa.com

jundicompany.net

gobocawest.com

woodking.space

elegantap.com

2ndoss.info

ebay1111.com

Targets

- Target
  
  b6a71f32c73d5392dc3dcf5ebfd9f11a_JaffaCakes118
- Size
  
  340KB
- MD5
  
  b6a71f32c73d5392dc3dcf5ebfd9f11a
- SHA1
  
  82af158a9984597cfb71570ff87f52421e1b0d2c
- SHA256
  
  6695ad2b11cf12fe057273b08f07f9020916cb68a2803206ecc31f61b9f6b7f1
- SHA512
  
  aa6b1bc9ff70689c0740683c0858a48b348c4d9f018c3ca11745dcb74480efb89b89dc002159576cd0c461ff9b2de320729a3a40f984a83a8698a4e99d4f959b
- SSDEEP
  
  6144:D3yaVwC1pYMTJCTmjd3M3YqUoqNgtDK5BGN1BOpF1d8EWkFRTlV1erRSaYv0P3:bVwMmgJEmjd4/UoqNggDGNaFGEWO1edH
Score

10^/10

formbook c239 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2