formbook

General

Target

e4d6cafa48a29935f3c7b8d642ca65a0_JaffaCakes118
Size

428KB
Sample

240916-qe4yfsygkb
MD5

e4d6cafa48a29935f3c7b8d642ca65a0
SHA1

51d7d38b19259179f39698ebb7a66085fe7656ec
SHA256

e67c7a1eefab5298a70d1ab372aa9ffc6ed1dc52e1b2789932de11e723290b13
SHA512

315ef9b5fca968a36abc60e672b5c5d853d9bd8f0cf8890b8b54b4e5e74c414e7c37b98a9fc39345396e08d209778e5a9324f293323aaab1b52e7badc9a9ac1d
SSDEEP

6144:1AwXaZskSXEBLphN6/2ehqYz/OXnxyNRKIYJxnsAv4r+2wptVfj/REECjfkuzzWH:uwXaZsbEV96BsYz/O3xoh/WjJbCQkWi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

private

Decoy

jsmsublease.com

texanpreneur.com

playfulsmile.com

zohorstore.com

lakekeoweehousekeeping.com

retail-tool.com

huangxiaojiyj.com

unsoldcarsfastrate.info

lizwoodtravel.com

wacomessenger.com

helps-support.net

magicaltest.com

thedakotafactor.com

citestbiz1597659448.com

lyt520520.com

dowcosta4truckee.com

wildfirepleat.com

alienzouks.com

miodowyogrod.com

sprostudio.com

Targets

- Target
  
  e4d6cafa48a29935f3c7b8d642ca65a0_JaffaCakes118
- Size
  
  428KB
- MD5
  
  e4d6cafa48a29935f3c7b8d642ca65a0
- SHA1
  
  51d7d38b19259179f39698ebb7a66085fe7656ec
- SHA256
  
  e67c7a1eefab5298a70d1ab372aa9ffc6ed1dc52e1b2789932de11e723290b13
- SHA512
  
  315ef9b5fca968a36abc60e672b5c5d853d9bd8f0cf8890b8b54b4e5e74c414e7c37b98a9fc39345396e08d209778e5a9324f293323aaab1b52e7badc9a9ac1d
- SSDEEP
  
  6144:1AwXaZskSXEBLphN6/2ehqYz/OXnxyNRKIYJxnsAv4r+2wptVfj/REECjfkuzzWH:uwXaZsbEV96BsYz/O3xoh/WjJbCQkWi
Score

10^/10

formbook private discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2