formbook

General

Target

f8febc5ef6d06287958f59fdad7684f2_JaffaCakes118
Size

316KB
Sample

240926-xdsmcssarm
MD5

f8febc5ef6d06287958f59fdad7684f2
SHA1

fbd6fa881ef273c75467e461effbf6ca46b0d916
SHA256

3c68285c9fa16c73c5e421f4189afa8e32a211720091fa44952a835371790e45
SHA512

3d33430485ea114b1c9fca62258a32784f45a803690633f65edd6f2476a290e896a63747ce6d03d016440bf20f10acc37af9855761ad8ef9bea47bdcb73f46d3
SSDEEP

6144:62HPYyotyounyNnbW0iUKQ/+M0mIsHi2azRhZmi:bHmcouyNbWmKe0mIT2az3Z7

Score

10^/10

formbook ai agilenet discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ai

Decoy

seedtobank.info

knightgrandcommander.com

wwwpj8899.com

incorporeweb.com

azstkdlodz.com

neverstophunting247.com

oc000.com

netizenstoastmasters.com

bjsc81.com

ddbcpx.info

sonharq.com

yeni.agency

yun-bim.com

wangyuqiong.com

actioncoachmanuel.com

fused-silicas.com

cryptoinvest.finance

atrevase.com

njet.ltd

dontbewet.com

Targets

- Target
  
  f8febc5ef6d06287958f59fdad7684f2_JaffaCakes118
- Size
  
  316KB
- MD5
  
  f8febc5ef6d06287958f59fdad7684f2
- SHA1
  
  fbd6fa881ef273c75467e461effbf6ca46b0d916
- SHA256
  
  3c68285c9fa16c73c5e421f4189afa8e32a211720091fa44952a835371790e45
- SHA512
  
  3d33430485ea114b1c9fca62258a32784f45a803690633f65edd6f2476a290e896a63747ce6d03d016440bf20f10acc37af9855761ad8ef9bea47bdcb73f46d3
- SSDEEP
  
  6144:62HPYyotyounyNnbW0iUKQ/+M0mIsHi2azRhZmi:bHmcouyNbWmKe0mIT2az3Z7
Score

10^/10

formbook ai agilenet discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2