formbook

General

Target

dd3f06103f2ac425cf4e5a6dc65d31d6_JaffaCakes118
Size

1.5MB
Sample

240912-3k7bzs1glm
MD5

dd3f06103f2ac425cf4e5a6dc65d31d6
SHA1

972a1b325cc3abc48a94c90a7b51faea619cfcc9
SHA256

262d8dd389aad1ef11023ded97da5703e88f1a96c2b0b8a1dbdde5fa7ee04022
SHA512

8863a2c6f690d215ddf54476832f0e1a7f539bf0b07013aad2e6b86054f0cd5f6cbc11efd2ef5c9b799a7dce2138d6daa5093f2eae6e15fde563951800836751
SSDEEP

24576:Du1NZfx3LwkwC2uEYY1pSIEiPNMDXiPCxN4ar3DV8bxOpwK:qVfx3LMzYY1EIEiPqzkGz/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cmg

Decoy

8936199.com

caneryis.com

kkambo.net

lifecoachwoman.com

kardus6.xyz

larvashop.net

stapelskerstbomen.com

dropofluxe.com

1089konstanzter.com

simplelovedlife.com

manderley-condos.com

xexpressx.com

cheshuntcomp.com

chinazhenzhu.com

autoaccessoriesusainc.com

luccagamesawards.com

edwardguimont.com

aljawaheer.com

rootforequality.com

premiumtechiessupport.xyz

Targets

- Target
  
  dd3f06103f2ac425cf4e5a6dc65d31d6_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  dd3f06103f2ac425cf4e5a6dc65d31d6
- SHA1
  
  972a1b325cc3abc48a94c90a7b51faea619cfcc9
- SHA256
  
  262d8dd389aad1ef11023ded97da5703e88f1a96c2b0b8a1dbdde5fa7ee04022
- SHA512
  
  8863a2c6f690d215ddf54476832f0e1a7f539bf0b07013aad2e6b86054f0cd5f6cbc11efd2ef5c9b799a7dce2138d6daa5093f2eae6e15fde563951800836751
- SSDEEP
  
  24576:Du1NZfx3LwkwC2uEYY1pSIEiPNMDXiPCxN4ar3DV8bxOpwK:qVfx3LMzYY1EIEiPqzkGz/
Score

10^/10

formbook cmg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2