formbook

General

Target

e3ab4dc4cf854bb513854423de6d8db6_JaffaCakes118
Size

408KB
Sample

240916-at88qazdnd
MD5

e3ab4dc4cf854bb513854423de6d8db6
SHA1

903d735a2758c21383461fc53c206f24eeab231a
SHA256

2ae786f785ba80e7dff4543d1f0abe34a5ad5c44d8bd667bb59ca31d0a5803d9
SHA512

ab02902e59c6cd209bc65d5e9ee58c1ed1aed4af1dd66c16addc9650c973dbf1f8de716e17341810c1ef8f2c13905aff5111765024b1b02d19301d7deb19d26f
SSDEEP

6144:cJZj3XBjlkq27zgxRokJPukWORQjjadZt4RAfa/SqwqG:MzZo7cv74Sau/yaq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtb

Decoy

kbsvipbags.com

grandma-salt.com

org-id100.info

marketobserverllc.com

robjmccarthy.com

orbitnest.com

7d5d.com

hotdealsallday.com

kaban-shitsuji.com

eivisionexport.com

luatfv.com

creationxbydom.com

realjuku.com

roast365.com

epis2020.com

schcman.com

xn--pimi-ooa.com

jobshustle.com

rightnewswire.com

seguonra.com

Targets

- Target
  
  e3ab4dc4cf854bb513854423de6d8db6_JaffaCakes118
- Size
  
  408KB
- MD5
  
  e3ab4dc4cf854bb513854423de6d8db6
- SHA1
  
  903d735a2758c21383461fc53c206f24eeab231a
- SHA256
  
  2ae786f785ba80e7dff4543d1f0abe34a5ad5c44d8bd667bb59ca31d0a5803d9
- SHA512
  
  ab02902e59c6cd209bc65d5e9ee58c1ed1aed4af1dd66c16addc9650c973dbf1f8de716e17341810c1ef8f2c13905aff5111765024b1b02d19301d7deb19d26f
- SSDEEP
  
  6144:cJZj3XBjlkq27zgxRokJPukWORQjjadZt4RAfa/SqwqG:MzZo7cv74Sau/yaq
Score

10^/10

discovery formbook gtb rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2