formbook

General

Target

c9ccade124b44534d0ff46033c9262f6_JaffaCakes118
Size

256KB
Sample

240829-2xravswanf
MD5

c9ccade124b44534d0ff46033c9262f6
SHA1

a89aeca95a6b30060f5efcbefb215d0648065f61
SHA256

cbd43bdcb7e75cff1e937fe47faa7770647da504aa28fbf3f1b7415ac282456e
SHA512

6d3b6b76d25363cfd7d4c600fe6508c1d293f0b584d73559c5717305ac84ec36fd5785d39b857db47f4905b6d5aa081727d1fe0f112d7e50af542865fcbabaa7
SSDEEP

3072:FJ2S2L6KbqDCwcrM1ROZL009C9wIi/xRui+PXBjdyWSFCSKVbLGt83NRF3qujHvV:F8LxBs1ROJ0HVi/xNCRjdkFuOt8dTal+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

- Target
  
  c9ccade124b44534d0ff46033c9262f6_JaffaCakes118
- Size
  
  256KB
- MD5
  
  c9ccade124b44534d0ff46033c9262f6
- SHA1
  
  a89aeca95a6b30060f5efcbefb215d0648065f61
- SHA256
  
  cbd43bdcb7e75cff1e937fe47faa7770647da504aa28fbf3f1b7415ac282456e
- SHA512
  
  6d3b6b76d25363cfd7d4c600fe6508c1d293f0b584d73559c5717305ac84ec36fd5785d39b857db47f4905b6d5aa081727d1fe0f112d7e50af542865fcbabaa7
- SSDEEP
  
  3072:FJ2S2L6KbqDCwcrM1ROZL009C9wIi/xRui+PXBjdyWSFCSKVbLGt83NRF3qujHvV:F8LxBs1ROJ0HVi/xNCRjdkFuOt8dTal+
Score

10^/10

formbook s3dy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/mfhecv.dll
- Size
  
  30KB
- MD5
  
  e97a552be97bf8ca0cd083250ef8b343
- SHA1
  
  8283294c2b23684bf1aa6bdc7729ef80efcf7673
- SHA256
  
  7ae5225917f9eb18e030e2aad1c0b9f7a3fc5789986e9222281cb3663d5f0775
- SHA512
  
  0f9f53254f11ee2f3cf757ba5459c8380bd07872cbb12a5dc0a681f978e5c10eb136bca57de593adbd806980d1484896a47ab4eaab1794c98113b80992e9a07a
- SSDEEP
  
  768:AYYsBQJDh7wN4Ce1k95WuPO8P9se1wcEWTF9D8E:AoBQJD6LPO8P9fwcE0qE
Score

10^/10

formbook s3dy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4