formbook

General

Target

ef072c5f7469a88ca616b35f21906da1_JaffaCakes118
Size

479KB
Sample

240921-ekc65stgjc
MD5

ef072c5f7469a88ca616b35f21906da1
SHA1

6e12db7215a102918ba498fe6831932d0bd9f060
SHA256

040b451ddeae61cc065f2d5e780aeee6ec8d58364a86f6a97a86e4c56efe5147
SHA512

b6fe68f77c499b8c68e44f900c8c3df05becd3d0231d09976438977d24fec337b0a0981745cf171ecccab7cab1ab1d09d892dcdbaad8ea253e03865cfd73adea
SSDEEP

6144:XToCpSRFx3JcLd87NH09lXLPRvBmE+0nkMeboO2P0gqXspWu5fXnrYrjuT7:XToRFx5cLgHAldvBm1x2P0gq8pWB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

crb

Decoy

rghandicraft.com

miamiexpressservice.com

spicycenter.com

tool-kit.info

helpinghandcleanersllc.com

ailink.network

boosterpub.com

heysever.us

fanhush.com

extremelyrobust.com

energyslides.com

fitflopsoutletstore.us

torellys.com

thatsigns.com

promotionproduct.ltd

riskynihali.com

sozialesnetz.online

fotoindia3.com

oxydj.info

dsgvocc.com

Targets

- Target
  
  ef072c5f7469a88ca616b35f21906da1_JaffaCakes118
- Size
  
  479KB
- MD5
  
  ef072c5f7469a88ca616b35f21906da1
- SHA1
  
  6e12db7215a102918ba498fe6831932d0bd9f060
- SHA256
  
  040b451ddeae61cc065f2d5e780aeee6ec8d58364a86f6a97a86e4c56efe5147
- SHA512
  
  b6fe68f77c499b8c68e44f900c8c3df05becd3d0231d09976438977d24fec337b0a0981745cf171ecccab7cab1ab1d09d892dcdbaad8ea253e03865cfd73adea
- SSDEEP
  
  6144:XToCpSRFx3JcLd87NH09lXLPRvBmE+0nkMeboO2P0gqXspWu5fXnrYrjuT7:XToRFx5cLgHAldvBm1x2P0gq8pWB
Score

10^/10

formbook crb discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2