formbook

General

Target

bcbbd0048a3723cfdd8a7d19d70d26e8_JaffaCakes118
Size

455KB
Sample

240823-xacfzasbmr
MD5

bcbbd0048a3723cfdd8a7d19d70d26e8
SHA1

ebfc013084e974cf83b1c7e7b951bc83f8c85283
SHA256

a55d1c36f3d5ba85a951e75b6a5de7a350d133ad49a44ddce349d5d181e64ae8
SHA512

0f655cb079e098bc2faf5ed942c76e72146d0ef1a4ef49c119788cd9b494056d58b3b712f6a74ae5fa28740cfcfbaf76f31eb7b32820ca9a3443ed62466fc8ca
SSDEEP

12288:JwSemRIcv0sIuzfuEj3pxdPQJEfy0Uu7/qagQnp86+XZ7CjIwG:jIcvHzfuEFxNQOq0UOg22lpaIwG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

3iw

Decoy

cepbank-direkt.com

lieoga.com

officialbetterbeardclub.com

media0702.com

safariflorist.com

vipinternationalinc.com

bitechanalytics.com

employeewage.com

truckingtag.com

priyaladiestailor.com

highlanderpiping.com

enargiapetroleum.com

vermilionranch.com

focusopgeld.com

kalem-euy.net

disypen.com

fairpayva.com

davidguner.com

idreferensi.com

dytt889.com

Targets

- Target
  
  CopyMX2N79.exe
- Size
  
  695KB
- MD5
  
  c02762dd741807fe5db17e96c29448a1
- SHA1
  
  0b1c135bc1c956c05b3962be6ec79cb44e29ba1d
- SHA256
  
  02296010035b93a3435b5b06a9af1f2715310bcf370918cd80114b18fae780b6
- SHA512
  
  82d469577a2c30554d1b083b5ae214cd3c4737ef7555922b5b6666232d2aa26236a499c257370e5b20e82e0fb213968d90b383b7688affa413d255c3a42c327f
- SSDEEP
  
  12288:ORZAplT4AWrNlqpANwJy1nfqzhd/sPxd++rOb:UAzT4AWrbqpAx8gLRrOb
Score

10^/10

formbook 3iw discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2