formbook

General

Target

e79bd8b4aa11afd86c932fa441d6544e_JaffaCakes118
Size

475KB
Sample

240917-ytzw2sscqf
MD5

e79bd8b4aa11afd86c932fa441d6544e
SHA1

eea8d0048c7b4ae55127665b5e6991a112dd0c32
SHA256

d1a6eb1637a42a3098f5b0ecbfdcb7011422cdc110a9d481043ddc964cc49cb1
SHA512

17b93470ab610ffe5b968d86e1f9a46efa50142005e60bda8de85d1a4f56df09ad828337b7bf84f9fd0aaa40b4bc4157877ecb7a0c365e1f86dbb0387a3fa705
SSDEEP

12288:a5qGhlH60YUkNEB3ZjkeZvz4MhXUyHKjedkt+cTpPRuusB:aD6QP/K2VB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtl

Decoy

45687g.net

graveimport.com

bulldogsgear.com

service-support.email

uhzcflg.icu

zebradefensefund.com

make10xhappen.com

ecotegral.online

stillatwink.site

onwardatlanta.com

real-optionstheory.com

madbearcustomwoodworking.com

adelinekaczmarek.com

elia-lca.com

tinykreations.com

rawlinsrealty.info

ubcholdings.com

searko.com

lepinedoree.com

fundsrecoveryexperts.com

Targets

- Target
  
  e79bd8b4aa11afd86c932fa441d6544e_JaffaCakes118
- Size
  
  475KB
- MD5
  
  e79bd8b4aa11afd86c932fa441d6544e
- SHA1
  
  eea8d0048c7b4ae55127665b5e6991a112dd0c32
- SHA256
  
  d1a6eb1637a42a3098f5b0ecbfdcb7011422cdc110a9d481043ddc964cc49cb1
- SHA512
  
  17b93470ab610ffe5b968d86e1f9a46efa50142005e60bda8de85d1a4f56df09ad828337b7bf84f9fd0aaa40b4bc4157877ecb7a0c365e1f86dbb0387a3fa705
- SSDEEP
  
  12288:a5qGhlH60YUkNEB3ZjkeZvz4MhXUyHKjedkt+cTpPRuusB:aD6QP/K2VB
Score

10^/10

formbook gtl discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2