formbook | b77514c2e7f724916721d371d23770f66b28c22e7cad05c1b080067b5eca6d34 | Triage

Sharing

General

Target

fe0bb66a63f9a8f1891f1baef1be0d47_JaffaCakes118
Size

368KB
Sample

240929-h668wsxcrd
MD5

fe0bb66a63f9a8f1891f1baef1be0d47
SHA1

f9905ab3e9de2909a8a807378c459f5afeac715b
SHA256

b77514c2e7f724916721d371d23770f66b28c22e7cad05c1b080067b5eca6d34
SHA512

e42ee3af5fceafa66be9695754771bb2bd73f580fe309359951b607c1df725837b5e4ce614c8726c6c5f20765370c7861c9157a73063080de5a00493ee8c72b5
SSDEEP

6144:WbRXfXZ2MYT46mmYUPGkYA3dXTGWpttSjG14VQq3hw:0RvXZxKm4xYEGc/Sj64Gqxw

Score

10^/10

formbook tr discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

tr

Decoy

kellerkreation.com

betwin45.com

dypacademy.com

afiliadoninja.com

mylobsterhouse.com

chargercameras.com

unseendaily.com

arsilab.com

easyexammanager.info

pleanew.win

kruidengeur.com

4virt.com

nbfjioj.com

mydresssuccess.com

hbgslng.com

sorezqi2u.com

cdhairspa.biz

halalstocks.net

jujialong.com

nancyzhao.tech

Targets

- Target
  
  fe0bb66a63f9a8f1891f1baef1be0d47_JaffaCakes118
- Size
  
  368KB
- MD5
  
  fe0bb66a63f9a8f1891f1baef1be0d47
- SHA1
  
  f9905ab3e9de2909a8a807378c459f5afeac715b
- SHA256
  
  b77514c2e7f724916721d371d23770f66b28c22e7cad05c1b080067b5eca6d34
- SHA512
  
  e42ee3af5fceafa66be9695754771bb2bd73f580fe309359951b607c1df725837b5e4ce614c8726c6c5f20765370c7861c9157a73063080de5a00493ee8c72b5
- SSDEEP
  
  6144:WbRXfXZ2MYT46mmYUPGkYA3dXTGWpttSjG14VQq3hw:0RvXZxKm4xYEGc/Sj64Gqxw
Score

10^/10

formbook tr discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooktrdiscoveryratspywarestealertrojan

behavioral2

formbooktrdiscoveryratspywarestealertrojan