formbook

General

Target

f704788608711d14f5f6c20d7939088a_JaffaCakes118
Size

744KB
Sample

240925-2v83wssdnq
MD5

f704788608711d14f5f6c20d7939088a
SHA1

29a06d1b0cc4231f90ec612a70804ba0b8b37d5a
SHA256

faf33adac687fbb353a51437c8efacf4ccd94153c4f9514dc31a905a8d4a2f52
SHA512

ddd77d64888b0734709c3136050cc7f5182c67bd197ae1ea4ae258a09605e0859d30587b7573ddf7648dd3231bdccb52582242f42a37d1cb5c4018a622a84ebc
SSDEEP

12288:C1eRRAfxCIUnyNOI/SN/HWQZUpO0ZTaEb33zDbr1ClM4Z3C:kiRO8nyNOI0u7bT/Hm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kb09

Decoy

chautan.com

23hills.com

shop-the-top.xyz

danceleadsunlimited.com

harusnegaskas.com

commandserviceman.com

radio-advertisement.com

2gounlock.com

doblenudobylvillamesa.com

vz199.com

infiniteheartandsoul.com

bluemountainbeachbrewery.com

ushealthvisa.com

exposition-lovo.com

ibdgsolutions.com

hauskaat.com

constantpowerco.com

dgbaisi.com

lenderexpo.com

murrimurrdi.com

Targets

- Target
  
  f704788608711d14f5f6c20d7939088a_JaffaCakes118
- Size
  
  744KB
- MD5
  
  f704788608711d14f5f6c20d7939088a
- SHA1
  
  29a06d1b0cc4231f90ec612a70804ba0b8b37d5a
- SHA256
  
  faf33adac687fbb353a51437c8efacf4ccd94153c4f9514dc31a905a8d4a2f52
- SHA512
  
  ddd77d64888b0734709c3136050cc7f5182c67bd197ae1ea4ae258a09605e0859d30587b7573ddf7648dd3231bdccb52582242f42a37d1cb5c4018a622a84ebc
- SSDEEP
  
  12288:C1eRRAfxCIUnyNOI/SN/HWQZUpO0ZTaEb33zDbr1ClM4Z3C:kiRO8nyNOI0u7bT/Hm
Score

10^/10

formbook kb09 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2