formbook

General

Target

c709725aada3a8083acb5cf6e6f485b1_JaffaCakes118
Size

484KB
Sample

240828-rtpyhs1hjc
MD5

c709725aada3a8083acb5cf6e6f485b1
SHA1

3d16d5b14543524b230fece39cea76157a2247e6
SHA256

31c3df5957f6eb0398f72aec9d8609f6a55da6f4051ea103f53999845efc93de
SHA512

cade4d3b4370432707bff79baee3e3592bf31696229590b90f636cdb7e7fdeabc92412ec85ad4527fb23682dcf695bf3310c46be7ca9b7ff0d3342778abba0b8
SSDEEP

12288:qOX7sE8V2V6z9q5Q6r/cS5eod/dTO5dGmxDrH3V3:qOL+2E0u6rHHR6dGmxPV

Score

10^/10

formbook ph discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ph

Decoy

arjonacollection.net

autosvilarasau.seat

abetterupdating.online

srilankatravelcompany.com

hvcfa.info

carifilnews-events.com

zer0daylab.com

mirrorxr.com

nextdealworld.com

josiediscounts.com

321tao.com

bjcnganjixk4.com

retain.ltd

lindasavon.com

nhra-go.com

beautifide.info

pelatihanukm.com

verim.site

sytxhl.com

tombrady.agency

Targets

- Target
  
  c709725aada3a8083acb5cf6e6f485b1_JaffaCakes118
- Size
  
  484KB
- MD5
  
  c709725aada3a8083acb5cf6e6f485b1
- SHA1
  
  3d16d5b14543524b230fece39cea76157a2247e6
- SHA256
  
  31c3df5957f6eb0398f72aec9d8609f6a55da6f4051ea103f53999845efc93de
- SHA512
  
  cade4d3b4370432707bff79baee3e3592bf31696229590b90f636cdb7e7fdeabc92412ec85ad4527fb23682dcf695bf3310c46be7ca9b7ff0d3342778abba0b8
- SSDEEP
  
  12288:qOX7sE8V2V6z9q5Q6r/cS5eod/dTO5dGmxDrH3V3:qOL+2E0u6rHHR6dGmxPV
Score

10^/10

formbook ph discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2