formbook

General

Target

f66c9cdd72c44e4b585d523a94b3a768_JaffaCakes118
Size

415KB
Sample

240925-t4y1aavhrn
MD5

f66c9cdd72c44e4b585d523a94b3a768
SHA1

6b25a36565b7d6ea84c86b75bdff9d2768db44ac
SHA256

5ac4458de2fc814ec147c972c72df6a94d434b168136637100344e1b5aeb2ff0
SHA512

0a575d5be9a938b3e83277f8218da34616186092c46e50d50b016a53e7c8035641b37e20c2d182aabd0a18094d9c7cf99d9b192f0ea607f44490acb712819e6e
SSDEEP

6144:v4KA39Uj27mcCvNXGEB6wtU+29QPR10lr/FVuL+4Bqw9WQHTrln+bTnO:WNUjoiN2S3tE9E0lrTuLhBzlh+bT

Score

10^/10

formbook xx discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

xx

Decoy

lingayatvivah.com

lassondefutureslab.com

wawahong.com

kgamdeyemyan.win

jiulong.store

madeforretoil.com

primesocialpresents.com

boyslutsvr.com

elvab.com

relative.properties

unitceramics.com

websolutionsassitance.com

firecleantextiles.info

usinggo.online

lnfc120.com

siglo-ftp-everis.com

chat-al3nabi.net

razorsharpbarber.com

caijingbizhi.com

sorice.tech

Targets

- Target
  
  f66c9cdd72c44e4b585d523a94b3a768_JaffaCakes118
- Size
  
  415KB
- MD5
  
  f66c9cdd72c44e4b585d523a94b3a768
- SHA1
  
  6b25a36565b7d6ea84c86b75bdff9d2768db44ac
- SHA256
  
  5ac4458de2fc814ec147c972c72df6a94d434b168136637100344e1b5aeb2ff0
- SHA512
  
  0a575d5be9a938b3e83277f8218da34616186092c46e50d50b016a53e7c8035641b37e20c2d182aabd0a18094d9c7cf99d9b192f0ea607f44490acb712819e6e
- SSDEEP
  
  6144:v4KA39Uj27mcCvNXGEB6wtU+29QPR10lr/FVuL+4Bqw9WQHTrln+bTnO:WNUjoiN2S3tE9E0lrTuLhBzlh+bT
Score

10^/10

formbook xx discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2