formbook

General

Target

e6f07c4af3e5cb4d02d44f0b758604a0_JaffaCakes118
Size

383KB
Sample

240917-qxd5ravhme
MD5

e6f07c4af3e5cb4d02d44f0b758604a0
SHA1

e03ae248c99b5cb6f0aba67d67f29ecb0eedb107
SHA256

241245cb421ccd025316c936471b0f6cf3c4ac4eb00ee45e4a91b7d63b1abf2f
SHA512

3a5d1386937f1a25969a172b32cc69d291a472b05da80b761c847997736b8076822cbe460b9546514f41a88eb94280777750c299c9258156b3982b52afb7f368
SSDEEP

6144:2DXdayqqqqqqqqqqqqY4Vzb81ILy0pEiT3ijHTj/zZW/vsJap7fTaYsc0mWW0eef:OaieIfpDTSjXyHmbjjVmmR

Score

10^/10

formbook jj discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.7

Campaign

jj

Decoy

raproll.com

kombipack.com

dhl365.com

vhoxda.men

zisigui.com

i-o.ltd

serenitynowcafe.com

huntsafety.com

caquciqu.com

novoflexled.com

54smg.com

bintrade.info

34f7j3k.online

wwwjs80088.com

lifestylestimes.com

gradientdecisions.com

h-v-s.com

eternallybound.win

nafa.ltd

veteransusa.site

Targets

- Target
  
  e6f07c4af3e5cb4d02d44f0b758604a0_JaffaCakes118
- Size
  
  383KB
- MD5
  
  e6f07c4af3e5cb4d02d44f0b758604a0
- SHA1
  
  e03ae248c99b5cb6f0aba67d67f29ecb0eedb107
- SHA256
  
  241245cb421ccd025316c936471b0f6cf3c4ac4eb00ee45e4a91b7d63b1abf2f
- SHA512
  
  3a5d1386937f1a25969a172b32cc69d291a472b05da80b761c847997736b8076822cbe460b9546514f41a88eb94280777750c299c9258156b3982b52afb7f368
- SSDEEP
  
  6144:2DXdayqqqqqqqqqqqqY4Vzb81ILy0pEiT3ijHTj/zZW/vsJap7fTaYsc0mWW0eef:OaieIfpDTSjXyHmbjjVmmR
Score

10^/10

formbook jj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2