formbook

General

Target

c02762dd741807fe5db17e96c29448a1_JaffaCakes118
Size

695KB
Sample

240825-hcayla1gjl
MD5

c02762dd741807fe5db17e96c29448a1
SHA1

0b1c135bc1c956c05b3962be6ec79cb44e29ba1d
SHA256

02296010035b93a3435b5b06a9af1f2715310bcf370918cd80114b18fae780b6
SHA512

82d469577a2c30554d1b083b5ae214cd3c4737ef7555922b5b6666232d2aa26236a499c257370e5b20e82e0fb213968d90b383b7688affa413d255c3a42c327f
SSDEEP

12288:ORZAplT4AWrNlqpANwJy1nfqzhd/sPxd++rOb:UAzT4AWrbqpAx8gLRrOb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

3iw

Decoy

cepbank-direkt.com

lieoga.com

officialbetterbeardclub.com

media0702.com

safariflorist.com

vipinternationalinc.com

bitechanalytics.com

employeewage.com

truckingtag.com

priyaladiestailor.com

highlanderpiping.com

enargiapetroleum.com

vermilionranch.com

focusopgeld.com

kalem-euy.net

disypen.com

fairpayva.com

davidguner.com

idreferensi.com

dytt889.com

Targets

- Target
  
  c02762dd741807fe5db17e96c29448a1_JaffaCakes118
- Size
  
  695KB
- MD5
  
  c02762dd741807fe5db17e96c29448a1
- SHA1
  
  0b1c135bc1c956c05b3962be6ec79cb44e29ba1d
- SHA256
  
  02296010035b93a3435b5b06a9af1f2715310bcf370918cd80114b18fae780b6
- SHA512
  
  82d469577a2c30554d1b083b5ae214cd3c4737ef7555922b5b6666232d2aa26236a499c257370e5b20e82e0fb213968d90b383b7688affa413d255c3a42c327f
- SSDEEP
  
  12288:ORZAplT4AWrNlqpANwJy1nfqzhd/sPxd++rOb:UAzT4AWrbqpAx8gLRrOb
Score

10^/10

formbook 3iw discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2