formbook

General

Target

cb40c157e93e8013af5447c28fd3b942_JaffaCakes118
Size

704KB
Sample

240830-vdnmasvbjb
MD5

cb40c157e93e8013af5447c28fd3b942
SHA1

16b0df235b3954c6e6b96f7aecc252f22bc021db
SHA256

b8d074da8531b10cee3844431f8502da1a3932586fb6fa82da7a38da44409026
SHA512

d4bf092e3c911aeed4f88d2327ee9300fb3cc7501ab85e47596fb620dd40667265ca05b29f2fba3eac6ba15b0c19d66b185ab214eb7ef7a68349bb4d5fa3303d
SSDEEP

12288:zIwR9YVsNiXfvHFhixCUlskyCeKfAA1T4uJjx7aEiC0:zIIYVyyvHjisayNZASwVaEt

Score

10^/10

formbook l5 discovery rat spyware stealer trojan upx

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

l5

Decoy

riverchaseapts.net

0430pe.com

nbgift.net

ehkhwn.win

immatthall.com

fkslc.info

breakthroughmediadon.com

eatorganic.life

okcitytowing.com

egaodomain.com

krenbc.com

lavi.ltd

sport-score.com

romskicentar.com

junkyard.design

xn--55q83b758aihq.com

phonerepairlocal.com

5656868.com

1s7onework.men

elizabethreidinteriordesign.com

Targets

- Target
  
  cb40c157e93e8013af5447c28fd3b942_JaffaCakes118
- Size
  
  704KB
- MD5
  
  cb40c157e93e8013af5447c28fd3b942
- SHA1
  
  16b0df235b3954c6e6b96f7aecc252f22bc021db
- SHA256
  
  b8d074da8531b10cee3844431f8502da1a3932586fb6fa82da7a38da44409026
- SHA512
  
  d4bf092e3c911aeed4f88d2327ee9300fb3cc7501ab85e47596fb620dd40667265ca05b29f2fba3eac6ba15b0c19d66b185ab214eb7ef7a68349bb4d5fa3303d
- SSDEEP
  
  12288:zIwR9YVsNiXfvHFhixCUlskyCeKfAA1T4uJjx7aEiC0:zIIYVyyvHjisayNZASwVaEt
Score

10^/10

discovery upx formbook l5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

UPX packed file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2