formbook

General

Target

c3b603bc6299d576bfc0ee3c9fa3a436_JaffaCakes118
Size

831KB
Sample

240826-yjllnstenl
MD5

c3b603bc6299d576bfc0ee3c9fa3a436
SHA1

7c19306c508063efcd25b2e03097e8e59ec7f8ca
SHA256

299d51225c50959ef6b74013fcda1ffc8cd326f491af31636e9178cd1865cb5a
SHA512

aae104c318c01fee511549e2833aeba960ba880eb6d3d24ff8883583989c909cb74aa742d763c6777620b37b20ddfa452723d5d867d3c9b64868ae7080467b1d
SSDEEP

12288:AnbptTp5FwNKbBIk2pYcgGv8X4yzCh5RKYJKDkadzAC:UHnF6K21YPGvvhamadz1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ez3

Decoy

dcwylyc.com

handi.care

chestermerecalgaryhomes.info

5214zz.com

wortexpharma.com

kaleandbeans.com

economy.taxi

helloapmobgy.com

oraning.net

marbleandace.com

spaceflight.company

yardstix.house

competiris.com

0426.ltd

tqg6k4jl-0k8rlg.com

buyxem.net

chongzhi7.com

durewine.com

eaase.net

belle-clair.com

Targets

- Target
  
  c3b603bc6299d576bfc0ee3c9fa3a436_JaffaCakes118
- Size
  
  831KB
- MD5
  
  c3b603bc6299d576bfc0ee3c9fa3a436
- SHA1
  
  7c19306c508063efcd25b2e03097e8e59ec7f8ca
- SHA256
  
  299d51225c50959ef6b74013fcda1ffc8cd326f491af31636e9178cd1865cb5a
- SHA512
  
  aae104c318c01fee511549e2833aeba960ba880eb6d3d24ff8883583989c909cb74aa742d763c6777620b37b20ddfa452723d5d867d3c9b64868ae7080467b1d
- SSDEEP
  
  12288:AnbptTp5FwNKbBIk2pYcgGv8X4yzCh5RKYJKDkadzAC:UHnF6K21YPGvvhamadz1
Score

10^/10

formbook ez3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2