formbook

General

Target

c68506d23178bedf545bb2b028d8572e_JaffaCakes118
Size

847KB
Sample

240828-klfasa1hra
MD5

c68506d23178bedf545bb2b028d8572e
SHA1

3b4d7f2827f3c11ad73596943a19707d61e92bf5
SHA256

17de42648d49e21ed411c460fa0c805443e1898e21114beb8ea7301da3ee6b31
SHA512

bf24fcfc36f96eeedeab6cfc222fcc34d8925e29fbdef5fc57ae002237d4202897e2b062ea0fe9552a5514802bb4289ed8a4c6522234d1504cc953acca7f39f2
SSDEEP

12288:8ayc8dtxZjKBVbBstxucrzyUYG2gmmz/PXtgobWmpfb4dstkoHQH8mlLeOIP:qPtxFKXboucS5vcz/2Cpvko2pxRc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nk4

Decoy

teresaanaya.com

byronhobbs.com

altiizgara.com

reignsponsibly.com

kanistones.com

clickpk.site

aizzainvestments.com

bpqbq.com

openfitxbstretch.com

blackvoicesstore.com

yousefzaid.com

verdeaccounting.com

independentthoughtshow.com

fainlywatchdog.com

elreventondelsabor.com

spiceyourfood.com

1277hb.com

cesttoni.com

portalngs.com

turismoplayas.com

Targets

- Target
  
  c68506d23178bedf545bb2b028d8572e_JaffaCakes118
- Size
  
  847KB
- MD5
  
  c68506d23178bedf545bb2b028d8572e
- SHA1
  
  3b4d7f2827f3c11ad73596943a19707d61e92bf5
- SHA256
  
  17de42648d49e21ed411c460fa0c805443e1898e21114beb8ea7301da3ee6b31
- SHA512
  
  bf24fcfc36f96eeedeab6cfc222fcc34d8925e29fbdef5fc57ae002237d4202897e2b062ea0fe9552a5514802bb4289ed8a4c6522234d1504cc953acca7f39f2
- SSDEEP
  
  12288:8ayc8dtxZjKBVbBstxucrzyUYG2gmmz/PXtgobWmpfb4dstkoHQH8mlLeOIP:qPtxFKXboucS5vcz/2Cpvko2pxRc
Score

10^/10

formbook 3nk4 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2