formbook

General

Target

fc9a7d91c44b35ac45235cbd428d5f71_JaffaCakes118
Size

428KB
Sample

240928-szpqdawapd
MD5

fc9a7d91c44b35ac45235cbd428d5f71
SHA1

3a2306041f07ac63b24375f2393cdcaae4a9aff2
SHA256

10a9aab39489aa507d35bb18b357ca6c9f8642d8fa27fc1ad9c7de03c8e9415d
SHA512

d235cd67e1e74675a1adaeffc89df82b2314dcb0d8f67887a9b9b0d14e9f3a0bd5c6c3df47ed08e6ab7f5de879be32b8434aa1843647b911629018db1312bdfc
SSDEEP

12288:QnOLBomnNZTudDLhkNbjPNUg6zhDn1ShWOi:QnkymnN6SNXWg6z91AWOi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cmg

Decoy

bestessentialcare.com

lemonguild.com

veronabling.com

omvzshop.com

austingutterrepair.com

noracbn.com

shizukis.com

keatingfreelanceservice.com

teamtobook.com

mqcsegurosyfinanzas.com

t-chou-pino-v.com

yuyunst.com

ctlaltignite.com

zinaidaphoto.com

ag-gis.com

hdollars.net

usa-zuche.com

opexsoftwaresupport.com

kaizenseed.com

thejoyshare.com

Targets

- Target
  
  fc9a7d91c44b35ac45235cbd428d5f71_JaffaCakes118
- Size
  
  428KB
- MD5
  
  fc9a7d91c44b35ac45235cbd428d5f71
- SHA1
  
  3a2306041f07ac63b24375f2393cdcaae4a9aff2
- SHA256
  
  10a9aab39489aa507d35bb18b357ca6c9f8642d8fa27fc1ad9c7de03c8e9415d
- SHA512
  
  d235cd67e1e74675a1adaeffc89df82b2314dcb0d8f67887a9b9b0d14e9f3a0bd5c6c3df47ed08e6ab7f5de879be32b8434aa1843647b911629018db1312bdfc
- SSDEEP
  
  12288:QnOLBomnNZTudDLhkNbjPNUg6zhDn1ShWOi:QnkymnN6SNXWg6z91AWOi
Score

10^/10

formbook cmg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2