formbook

General

Target

d4e0768ec86d2f8d8b6a6b725bda4b87_JaffaCakes118
Size

835KB
Sample

240908-vwa4xsxgmm
MD5

d4e0768ec86d2f8d8b6a6b725bda4b87
SHA1

4bd5d2c5c06e38cd70a18e4a99c16e0f1f841dee
SHA256

09c8bb08807219149a78bfa1e239f5022e6eb2e802f87dffe87d0bcf16e483a8
SHA512

f135e550defa90c4fc7d750628aae850405107998f6af9ebcb89b42ba26d3c977f37caff7c694db5617ada189872332dcc5175dd10d1c08e64cad7e3146a0f9e
SSDEEP

24576:7iszFFV90kSaUdGAMVb32G6TVjuDsJ8BDeL+cLaA43DBDErHueXsS:1T

Score

10^/10

formbook ph discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ph

Decoy

spiderwebz.com

princeworld2.com

elbirligiguclukadin.com

cy1032.com

tourpetour.com

oneintegraventures.com

fmhihlb.com

cslounge.net

prnqf.info

mensa-edu.com

wfc288.com

built-design.co.uk

apnei.com

divachain.com

yuntopon.com

tobaccovision.win

ecogef80.com

onot.ltd

rushhut.com

g6006.com

Targets

- Target
  
  d4e0768ec86d2f8d8b6a6b725bda4b87_JaffaCakes118
- Size
  
  835KB
- MD5
  
  d4e0768ec86d2f8d8b6a6b725bda4b87
- SHA1
  
  4bd5d2c5c06e38cd70a18e4a99c16e0f1f841dee
- SHA256
  
  09c8bb08807219149a78bfa1e239f5022e6eb2e802f87dffe87d0bcf16e483a8
- SHA512
  
  f135e550defa90c4fc7d750628aae850405107998f6af9ebcb89b42ba26d3c977f37caff7c694db5617ada189872332dcc5175dd10d1c08e64cad7e3146a0f9e
- SSDEEP
  
  24576:7iszFFV90kSaUdGAMVb32G6TVjuDsJ8BDeL+cLaA43DBDErHueXsS:1T
Score

10^/10

formbook ph discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2