formbook

General

Target

ff4ffd9a3232033f76865b29164e5f7e_JaffaCakes118
Size

359KB
Sample

240929-zml72szdmp
MD5

ff4ffd9a3232033f76865b29164e5f7e
SHA1

cee05ab39bdeeb35487dd1148c7d1a5b87fbde29
SHA256

5e449948561d45b21093b8e036c9d700dc2a80cb759563143908d05053a8d8ac
SHA512

a56442c7d26acdd4b8ec48214f3490d6bf8749be532ed49b90c9bf5938a5357ea3b462b07e4faac0a89a828294f247b6ec75ae796f1738652f9a7aad97df0f8b
SSDEEP

6144:8brqW2GhN1/HKthSWSFZMMV+iPKGy5UHDfh0kEt8EPMGrRyGqpJc:8brH2iNPFZMMVfKG7KvxPMUkJc

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3ens

Decoy

loopsimulation.com

xinhepg.com

poolstorespa.com

animallvet.com

radioproinstore.com

bjzltzjt.com

salina-workplace.com

aewc-cars.com

allenoldcroft.com

carpetcleaningfriscotexas.net

treasure.expert

namastefrog.com

villagesvacationrentals.com

sobeautifulllc.com

kidszone.biz

coppbetatest.com

wwwbw53.com

mrmesquitenv.com

seaside-estate-sales.com

fusdq.info

Targets

- Target
  
  ff4ffd9a3232033f76865b29164e5f7e_JaffaCakes118
- Size
  
  359KB
- MD5
  
  ff4ffd9a3232033f76865b29164e5f7e
- SHA1
  
  cee05ab39bdeeb35487dd1148c7d1a5b87fbde29
- SHA256
  
  5e449948561d45b21093b8e036c9d700dc2a80cb759563143908d05053a8d8ac
- SHA512
  
  a56442c7d26acdd4b8ec48214f3490d6bf8749be532ed49b90c9bf5938a5357ea3b462b07e4faac0a89a828294f247b6ec75ae796f1738652f9a7aad97df0f8b
- SSDEEP
  
  6144:8brqW2GhN1/HKthSWSFZMMV+iPKGy5UHDfh0kEt8EPMGrRyGqpJc:8brH2iNPFZMMVfKG7KvxPMUkJc
Score

10^/10

formbook 3ens discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2