formbook

General

Target

c064ec37ffd4521397a436a9d0c3da18_JaffaCakes118
Size

1.1MB
Sample

240825-kzvydsxfnp
MD5

c064ec37ffd4521397a436a9d0c3da18
SHA1

03ba9be491d49752464ffa0755f0d8926e1925e7
SHA256

a308003882167974d1a1f6334f0f9ee1599c50d33ec2883c856de84bf82365f4
SHA512

2186f2f8f28efdde84d196468b00f5df27417b65a10ba6589ee0e57d30ffef121ec04973db8ffc7d6ec935e8bdcf0a98d72cad057f131e6caf7c7455d72379ba
SSDEEP

24576:f9aok2Jbtfcp5l3E5zXVHjx9NMezB3xmSj:f9aSho45xDvZh

Score

10^/10

formbook an discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

an

Decoy

setzesegel.com

freeyrself.com

searchshoppingonline.com

tv16282.info

unitedtur.com

168jlb.com

blockee.info

ryd5.com

kucun108.com

castcmi.red

ufc202.info

goldendawnequipment.com

anlatacaklarimvar.com

szgty.info

realtorlubbock.com

digitalumsetzbar.com

buy9voltblaster.com

naughtytingz.com

phstructuredwater.com

energettic.download

Targets

- Target
  
  c064ec37ffd4521397a436a9d0c3da18_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  c064ec37ffd4521397a436a9d0c3da18
- SHA1
  
  03ba9be491d49752464ffa0755f0d8926e1925e7
- SHA256
  
  a308003882167974d1a1f6334f0f9ee1599c50d33ec2883c856de84bf82365f4
- SHA512
  
  2186f2f8f28efdde84d196468b00f5df27417b65a10ba6589ee0e57d30ffef121ec04973db8ffc7d6ec935e8bdcf0a98d72cad057f131e6caf7c7455d72379ba
- SSDEEP
  
  24576:f9aok2Jbtfcp5l3E5zXVHjx9NMezB3xmSj:f9aSho45xDvZh
Score

10^/10

formbook an discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2