formbook

General

Target

f5c9afcc50905b9670479f4fc959cc46_JaffaCakes118
Size

416KB
Sample

240925-mb5tsszdpn
MD5

f5c9afcc50905b9670479f4fc959cc46
SHA1

771e672ffd89bcdd62b5fac8980f7b4f2b388159
SHA256

e4947b26c5306a3abf3699d57d332983f1fd64c7d0b676e49f6dfa8bafca59d0
SHA512

fafa361823738264586bc4019c70f7ac47325fa44258c1e9bdf1bd6fb9a9a81a952d57b35578aeb760d2d23135e62ec1290cbf06839d85485e9a40dea2309227
SSDEEP

12288:hGMruu5awjsK+/oSq+ZsDK/J9iNoJ/mFe38FHJKslXc1e7Tn:nS4VjsK+zPsDKdJ+FQ8F77Tn

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  pago SWift pdf.exe
- Size
  
  630KB
- MD5
  
  391975e669d455f1adecc5ca6a60f66a
- SHA1
  
  727851ce8c287a4c080994f891ed78352cc93b8e
- SHA256
  
  c76a77d2c81deab2fda96cc7cfcd42ca3886522b254ab6fa7448c7db8692e00a
- SHA512
  
  6629176a34216a678bfc8c4bb24056fc03e8a6c4a5d1314ec8f2d5b156cb0610a3eba666c3a3a5ef95964e54d00b83a41d937e038ba5270adec3dd3830468ec8
- SSDEEP
  
  12288:6MzAvm9T+nin+nin+ni3AqeFsfWNhRaNoLDSFI3cFHh20QL+niu:6aAO9T+in+in+iQNsfWnL2FucFg+i
Score

10^/10

formbook n7ak discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2