formbook

General

Target

f270687d244795e7dfa8b7619f4de556_JaffaCakes118
Size

216KB
Sample

240922-vh6zfazepe
MD5

f270687d244795e7dfa8b7619f4de556
SHA1

80aa40f26bf2902128183184e44843ac79c86bf5
SHA256

e3ce3a0e808ffb6e979649c5a799f6b566aa87b403f392ce880c7eab6537fbb6
SHA512

28ba4aa2f319f1d2da0274549f7e6fd1646a5ff825fb6ed0debd84c52c1610096f440d87647e2d931807a60f1b921eb2e9c1d58de0018187b9a4504fa6edbaf0
SSDEEP

6144:xynHIryFJheyBkMvaGGJ0RCr5x4qrEZKUgKKZz:QHiAkM1RClx45pU

Score

10^/10

formbook d7 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

d7

Decoy

hathanhnhan.net

beautiful-furniture.com

suzo.ltd

xinanxidiaowang.com

joytosell.com

xinyishi88.com

goldkeyvacationhomes.net

master-boxing.com

gofro.net

diamondcottagephuket.com

sawa777.com

znlhj66.com

tirangaspace.com

thebestcoffeemakers.info

rewajhosting.com

interfacerecords.com

amethyststarlight.com

jtj77.com

vigrxplusresults.net

embodiedtraumahealing.com

Targets

- Target
  
  f270687d244795e7dfa8b7619f4de556_JaffaCakes118
- Size
  
  216KB
- MD5
  
  f270687d244795e7dfa8b7619f4de556
- SHA1
  
  80aa40f26bf2902128183184e44843ac79c86bf5
- SHA256
  
  e3ce3a0e808ffb6e979649c5a799f6b566aa87b403f392ce880c7eab6537fbb6
- SHA512
  
  28ba4aa2f319f1d2da0274549f7e6fd1646a5ff825fb6ed0debd84c52c1610096f440d87647e2d931807a60f1b921eb2e9c1d58de0018187b9a4504fa6edbaf0
- SSDEEP
  
  6144:xynHIryFJheyBkMvaGGJ0RCr5x4qrEZKUgKKZz:QHiAkM1RClx45pU
Score

10^/10

formbook d7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2