formbook

General

Target

ba013f275078b890f94beecfe96157d4_JaffaCakes118
Size

268KB
Sample

240823-cxqxnatakp
MD5

ba013f275078b890f94beecfe96157d4
SHA1

6fdab8bbec0ee983be2a2738fa9b6d9d5fe01eef
SHA256

61ee6e0f78b9a691785e5423670187886a694b9d8a5ead06c66d4b9bcc820602
SHA512

6596ffea90d05ef15377837c2a9e0974c97a6620f62edd69e2d810d1120de076c60486a79a9795838c00d630b48bb9c1b7145d0dc06fd1a1ad31426c83160029
SSDEEP

6144:KlGbtrV1eYFnjgIE9+U3XAUYKiPc8bM8dsQcuuM/a1qD8iG/:3ZDn8v9cKiUp8OcaqDA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.6

Campaign

ch26

Decoy

burningbush.store

maulidibarkahfp.net

chris-keel.net

us-capitalonebank.com

sideways-6.com

americanvtwintemecula.net

gtldbank.com

digitalogic.ltd

bcity-29.online

etenindo.com

ee4j.net

hagi.ltd

muchproducts.com

cisopi.com

xn--resilienz-frdern-wwb.com

handaina.com

gantungankuncidariflanel.com

zaglue.net

gggan24.com

malbok.com

Targets

- Target
  
  ba013f275078b890f94beecfe96157d4_JaffaCakes118
- Size
  
  268KB
- MD5
  
  ba013f275078b890f94beecfe96157d4
- SHA1
  
  6fdab8bbec0ee983be2a2738fa9b6d9d5fe01eef
- SHA256
  
  61ee6e0f78b9a691785e5423670187886a694b9d8a5ead06c66d4b9bcc820602
- SHA512
  
  6596ffea90d05ef15377837c2a9e0974c97a6620f62edd69e2d810d1120de076c60486a79a9795838c00d630b48bb9c1b7145d0dc06fd1a1ad31426c83160029
- SSDEEP
  
  6144:KlGbtrV1eYFnjgIE9+U3XAUYKiPc8bM8dsQcuuM/a1qD8iG/:3ZDn8v9cKiUp8OcaqDA
Score

10^/10

formbook ch26 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2