formbook

General

Target

d1d5dad6e92334d394ebc7bc42c01169_JaffaCakes118
Size

308KB
Sample

240907-nnr9xasbnk
MD5

d1d5dad6e92334d394ebc7bc42c01169
SHA1

b96761570949d697a0f918d0878c0b5a890bd5c3
SHA256

c77ae9fb29c86b45d5b366e26f539fed7962f8b5da0834ceba78cc8a127e5401
SHA512

54156d92f65df595147124e61a78e534ce9fc913a4fe64e061897c2098b250f458b190784caa832b5873e97cc5a80cd901b10748f724e9e81a88e888735978ed
SSDEEP

6144:m6aiBK1jP4NzElRMNqYpMPhSHWc2i8loza+THF1QvB:m6at1MNQlRMMhoDh2mHQ5

Score

10^/10

formbook b1 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

b1

Decoy

ncdclub.com

giahoachatxulynuoc.com

cmz.ink

gollehkon.com

xn--xkr832a.com

thereseika.com

formule1time.com

hengsongmuye.com

primeengenharia.com

dd000009677.com

designbecome.com

infinitewisdom.store

veritableassets.com

equifasecurity2017.com

seemanage-inc.com

planetreporter.info

embodiedcommunity.com

beautysamui.com

support-emailnotification.com

siweimiao.com

Targets

- Target
  
  d1d5dad6e92334d394ebc7bc42c01169_JaffaCakes118
- Size
  
  308KB
- MD5
  
  d1d5dad6e92334d394ebc7bc42c01169
- SHA1
  
  b96761570949d697a0f918d0878c0b5a890bd5c3
- SHA256
  
  c77ae9fb29c86b45d5b366e26f539fed7962f8b5da0834ceba78cc8a127e5401
- SHA512
  
  54156d92f65df595147124e61a78e534ce9fc913a4fe64e061897c2098b250f458b190784caa832b5873e97cc5a80cd901b10748f724e9e81a88e888735978ed
- SSDEEP
  
  6144:m6aiBK1jP4NzElRMNqYpMPhSHWc2i8loza+THF1QvB:m6at1MNQlRMMhoDh2mHQ5
Score

10^/10

formbook b1 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2