formbook

General

Target

c2617fd9c14407059a2e77d4d5af8f41_JaffaCakes118
Size

501KB
Sample

240826-gb64zaxglg
MD5

c2617fd9c14407059a2e77d4d5af8f41
SHA1

481f24e44b5afdfde9205fc1c9139d0635558943
SHA256

29fe01db6dea93e7ea23988d78444e838ff8ca2b56f406844cb0aa2d31b2563d
SHA512

2911d16e3dc1289b406fdd5607f2b7a9fc51de3cb76363bd82b82d878b7ddccf5ef7302b013369fe5bc5adb1e1309d45a6dcfca7d6620535d49dd7d46bb26135
SSDEEP

12288:DnBgbBrj8OxgKUbOFnMragx88E9QH8I83lc4Rzkdbhyt2aYWNF:rsBX8uCO3gxWH3c4rNF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ykj

Decoy

polovnitelefoni.net

cateless.com

newbeginnings.club

quanghoagroup.com

pcbet0.com

normal.computer

yoinkyoink.com

lahorekabob.com

charnal-voices.com

hotsleepspot.com

thekashmirfabrics.com

upholsteryormondbeach.com

caramel-lefilm.com

pkitales.com

truancyclub.com

susanmathason.com

sweetlimenail.com

vaaudiotechnic.site

edem-agency.com

rakkonoteineinakurashi.com

Targets

- Target
  
  PROJECT FEJ-1601.exe
- Size
  
  394KB
- MD5
  
  212f0a0a7237ab09c82f6153361ac1b0
- SHA1
  
  1b84fff6041a1700f34c80a6e737e8e8c80d5770
- SHA256
  
  40bec545f9b01c4438a75cb03d902cc70c65ce8ecf90ecb1fb88aeb00b2c92cc
- SHA512
  
  232d6573a5801af940f13f97adae7f6d7a7cd38a3b61b190437f666387508db5668df77db980de3b911e2dab806587f9a486ccab5887a50f27efabb538ade348
- SSDEEP
  
  12288:U1zgVlrWHFZED24Ug/Q50b4Qhw+hjcnUgtICxs3IEeC:U1zgVlrWHwi4+5Y4WzhjcnUgXpE
Score

10^/10

formbook ykj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2