formbook

General

Target

ffe26ed83f513b68a3cdf68a9d971858_JaffaCakes118
Size

567KB
Sample

240930-d7tlzawdmn
MD5

ffe26ed83f513b68a3cdf68a9d971858
SHA1

c61aa6141026ed3fc190dbb3e46eac1c966d4133
SHA256

8b53c85d1e84765875c93d5486a523b1913e72fc5a74ce18b162e63fe257f93f
SHA512

bc4acead832821c30dad2a108670c188a3302ca9e460701078951a4226278d9191320cf59f11197520aded2e77b30a68fa7a8395f58b9f2aff90e3a3d633b6a6
SSDEEP

12288:tiTzYG1w0wODUfOmKRBE5GyGghs9jPCCKxxO:tiTz/tUfHKzZy7cjPCC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mtc

Decoy

skraggle.com

engtengmyanmar.com

bluegrasscruises.com

komod-fashion.com

ontheedgeofbrave.com

ahfhhubuh12475.com

nevergiveuphealth.net

satriwarni.com

thongdiennuoc.com

her-sobriety.com

ancientayurveda.asia

bigkahunatri.com

citcitizensone.com

mainesustainability.com

vcglamco.com

excessiverpm.com

waistproexclusive.com

mecksitall.com

hotelmapura.com

pogbet.net

Targets

- Target
  
  ffe26ed83f513b68a3cdf68a9d971858_JaffaCakes118
- Size
  
  567KB
- MD5
  
  ffe26ed83f513b68a3cdf68a9d971858
- SHA1
  
  c61aa6141026ed3fc190dbb3e46eac1c966d4133
- SHA256
  
  8b53c85d1e84765875c93d5486a523b1913e72fc5a74ce18b162e63fe257f93f
- SHA512
  
  bc4acead832821c30dad2a108670c188a3302ca9e460701078951a4226278d9191320cf59f11197520aded2e77b30a68fa7a8395f58b9f2aff90e3a3d633b6a6
- SSDEEP
  
  12288:tiTzYG1w0wODUfOmKRBE5GyGghs9jPCCKxxO:tiTz/tUfHKzZy7cjPCC
Score

10^/10

formbook mtc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2