formbook | 6a86727505f9aacbb6e9d67445b8e99d23e37d9db46a737e1b2c72274332cb41 | Triage

Sharing

General

Target

eaf957fed02fc143802d3eff11d4dddf_JaffaCakes118
Size

1.4MB
Sample

240919-kp6l5szdqe
MD5

eaf957fed02fc143802d3eff11d4dddf
SHA1

ce04e0cbca0fd7e1abe322a7f94a7eb01ddf72cb
SHA256

6a86727505f9aacbb6e9d67445b8e99d23e37d9db46a737e1b2c72274332cb41
SHA512

ae164f196583f7a2a6b12a902fa118e30a0f653700c30aa17ab97219b9c5f6eaaad3f765fab89b6ff5da48b521f283c45c73e20d38e76ff6c2c55f99b82df612
SSDEEP

12288:zJW/kYR3J9bXwjnA7fUL64zJuk8q0UmA1NzENYgnBKPqSY29oPtrPN4In5VreTCf:fs/vQL4uY

Score

10^/10

formbook j3gd discovery execution rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j3gd

Decoy

lpumanagement.com

seafreshindia.com

progetto-energia.com

anthonyconstantis.com

wuhanyinyue.com

rimflso.com

zayedcenter.net

toggturkish.com

grayshottspalife.com

migliorarelasalute.website

micj1426.com

salicosmetic.com

renospro.com

fantasiegeschichten.com

velvetgoo.art

chasernt.online

mojogrup.com

beer-app.com

workitsexyguru.com

rmhansonfreelancewriting.com

Targets

- Target
  
  eaf957fed02fc143802d3eff11d4dddf_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  eaf957fed02fc143802d3eff11d4dddf
- SHA1
  
  ce04e0cbca0fd7e1abe322a7f94a7eb01ddf72cb
- SHA256
  
  6a86727505f9aacbb6e9d67445b8e99d23e37d9db46a737e1b2c72274332cb41
- SHA512
  
  ae164f196583f7a2a6b12a902fa118e30a0f653700c30aa17ab97219b9c5f6eaaad3f765fab89b6ff5da48b521f283c45c73e20d38e76ff6c2c55f99b82df612
- SSDEEP
  
  12288:zJW/kYR3J9bXwjnA7fUL64zJuk8q0UmA1NzENYgnBKPqSY29oPtrPN4In5VreTCf:fs/vQL4uY
Score

10^/10

execution formbook j3gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookj3gddiscoveryexecutionratspywarestealertrojan