formbook | 318d039e63460267fa92391159395a8d82f58e98c4c88831eb20780e485d81b3 | Triage

Sharing

General

Target

ca3bf59d8a50c50129515551c389f6d8_JaffaCakes118
Size

736KB
Sample

240830-fge21axcme
MD5

ca3bf59d8a50c50129515551c389f6d8
SHA1

a0db5fb809772e7886672568db1329d75c857b23
SHA256

318d039e63460267fa92391159395a8d82f58e98c4c88831eb20780e485d81b3
SHA512

87e26b31b904d7a1ac418ab945fb8311ebbc8f9183b885deb2b253b3db1b49b7db6f4f542c50b9b3ee54dcdc5834a42c7e6623e0d56a43bf5ae37cfa3b605776
SSDEEP

12288:9watuz+EFVnfzjreMmJzkg0nYvJS15NLgw1g+esTCmu:9watipF7mJIg0A01HLJP2m

Score

10^/10

formbook l5 bootkit discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

l5

Decoy

riverchaseapts.net

0430pe.com

nbgift.net

ehkhwn.win

immatthall.com

fkslc.info

breakthroughmediadon.com

eatorganic.life

okcitytowing.com

egaodomain.com

krenbc.com

lavi.ltd

sport-score.com

romskicentar.com

junkyard.design

xn--55q83b758aihq.com

phonerepairlocal.com

5656868.com

1s7onework.men

elizabethreidinteriordesign.com

Targets

- Target
  
  ca3bf59d8a50c50129515551c389f6d8_JaffaCakes118
- Size
  
  736KB
- MD5
  
  ca3bf59d8a50c50129515551c389f6d8
- SHA1
  
  a0db5fb809772e7886672568db1329d75c857b23
- SHA256
  
  318d039e63460267fa92391159395a8d82f58e98c4c88831eb20780e485d81b3
- SHA512
  
  87e26b31b904d7a1ac418ab945fb8311ebbc8f9183b885deb2b253b3db1b49b7db6f4f542c50b9b3ee54dcdc5834a42c7e6623e0d56a43bf5ae37cfa3b605776
- SSDEEP
  
  12288:9watuz+EFVnfzjreMmJzkg0nYvJS15NLgw1g+esTCmu:9watipF7mJIg0A01HLJP2m
Score

10^/10

formbook l5 bootkit discovery persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookl5bootkitdiscoverypersistenceratspywarestealertrojan

behavioral2

formbookl5discoveryratspywarestealertrojan