formbook | 679f0c6828ea6a0a111c4ffc91bbabe5a3fcd6b646ab57d5040699d1e0e0aadd | Triage

Sharing

General

Target

c8076071b36a3b58eb90610200b97b38_JaffaCakes118
Size

267KB
Sample

240829-cbvcyszcnp
MD5

c8076071b36a3b58eb90610200b97b38
SHA1

ae65983d4014dc74143aa9f2e6c77838d003a276
SHA256

679f0c6828ea6a0a111c4ffc91bbabe5a3fcd6b646ab57d5040699d1e0e0aadd
SHA512

f141e1713335a74659442eb116edc572b5354c825b599e15ea42a9e6f9892db2c1201ab8980395eb61593c9ac99e21f0fc2eda791dc9e5bbd608b02805b9f507
SSDEEP

6144:5UnppSaJcl+dLBY5KbBG3gqcxIKy7N4QBpKxQ0f9DQCPSjk:5CpjJO+oUbBx4BQQVjk

Score

10^/10

formbook m52 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

m52

Decoy

v7536.com

jvvieira.com

woodenspoonbakehouse.com

exdij9.com

nadimkka.com

studentcoins.net

bitcoinmom.info

bxdycgm.com

jepkvrg.com

bitpu.net

autokredit-ohne-schufa.info

pvo.direct

lawyervideonetwork.com

n2pcc.com

fauxtoblonde.net

guayansistsfromm.win

wwwjsh100.com

run2build.com

sscmc.win

intogroup.win

Targets

- Target
  
  Euro40000order.exe
- Size
  
  750KB
- MD5
  
  43d33d32b8a2dfcd192f568f297c7d07
- SHA1
  
  989d2ec220dfe0c39dfc97f824c6916c7214f380
- SHA256
  
  886bbd99a81dac59ab10515a0595fc8c32753c1fe929c4558157b17085ed5b58
- SHA512
  
  4eeb5f84ffc3223bb73334e10449c31f6229eee8a823346d11e4c59cc324d237ea0e483e1c04d0c7fcba0e4a13138e6802ce50aaf786b5296c0e657e1a13c22c
- SSDEEP
  
  6144:6u7EzoMvj6R3GPPd2fj0NXMvKTgy1PI8dPPYwztLdW+9yp1zqv5mZzhw181LfCS0:6uIbMedQ2JG6Ywzq9OeMP23G
Score

10^/10

formbook m52 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookm52discoveryratspywarestealertrojan

behavioral2