formbook

General

Target

d5f142b409d4ee2db56859ac3ecdad66_JaffaCakes118
Size

365KB
Sample

240909-j8l66syfrk
MD5

d5f142b409d4ee2db56859ac3ecdad66
SHA1

3048d6d0fae713f04145e190c2e24047efaaef7e
SHA256

4883acd78928ccbab14d46de6f5be7ed91f0d6be16ad83b5214dfbbb218865bf
SHA512

dac8b3c4a3d19753ef1cff5c17e4c1470897175cac0854c922c406acbb589192ab9614d0e965344789b1644ec62971e0664fc7466926d5788750063f242a4e6b
SSDEEP

6144:Q9x8PY/bqy9n2wRfvtkOthbRiPwEMJ4ynpMiO6h1Kkbb9pIPKaaMqXFU2XihU:Q9x8PuhRFRdDhtuW4ybL1xbRKPtHT

Score

10^/10

formbook l9 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

l9

Decoy

vegobro.com

smartcoffeetoday.com

30ans2chats.com

montidauniospitali.com

quarterlifestyleblog.com

euronlinesolutions.com

compositedoors2you.com

swiftdws.com

fivestarenergyspecialist.com

wwwyh6622.com

outdoor-grill.site

fireequipmentatlanta.com

8640pe.com

kzwzx.loan

thincore.net

smsdshop.com

qzchangxinsb.com

jswztc.net

qjqlfhu.com

noza-consulting.com

Targets

- Target
  
  d5f142b409d4ee2db56859ac3ecdad66_JaffaCakes118
- Size
  
  365KB
- MD5
  
  d5f142b409d4ee2db56859ac3ecdad66
- SHA1
  
  3048d6d0fae713f04145e190c2e24047efaaef7e
- SHA256
  
  4883acd78928ccbab14d46de6f5be7ed91f0d6be16ad83b5214dfbbb218865bf
- SHA512
  
  dac8b3c4a3d19753ef1cff5c17e4c1470897175cac0854c922c406acbb589192ab9614d0e965344789b1644ec62971e0664fc7466926d5788750063f242a4e6b
- SSDEEP
  
  6144:Q9x8PY/bqy9n2wRfvtkOthbRiPwEMJ4ynpMiO6h1Kkbb9pIPKaaMqXFU2XihU:Q9x8PuhRFRdDhtuW4ybL1xbRKPtHT
Score

10^/10

formbook l9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2