formbook

General

Target

09ef9306539a1cd532d9985f3a2856a6_JaffaCakes118
Size

726KB
Sample

241002-k5xn6sybkm
MD5

09ef9306539a1cd532d9985f3a2856a6
SHA1

3b2c26fff9fbdd0f44eb7d06400c7b0db5c2241b
SHA256

9b47637ecdf8e69614cb8ab22f9bddc0cc1719eca7f6ae87b0e988b9fb1cfdce
SHA512

e25d7ac4323e52ad13e9f9729f3a626f2d325d5990a0687fd1f59b87e06b9bca107c2fe5ac12c3a7c1dd92342c2b0887271f101dfd721f862b83de1048c5960b
SSDEEP

12288:jXfpEdonTdVMYlCZ/PbrabB5wCeSS6l/r1HWW6uPh7zZh5:jXfpEdonTdu8a/PbrkB5wVSBl/r1HWWP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

private

Decoy

evilunderworldmall.com

davidovicmirko.com

incrediblechildrenscostume.com

langsgo.com

ibex-japan.com

findhotel.coupons

logo8536.com

meyerparkdental.com

digitaltoken.exchange

chatramuetaiwan.com

yulibao.net

michaelandcolaw.com

sapeur-hairfactory.net

louisianamodernsmiles.com

finleighelderton.com

knlwpaj.download

directorionacionaldesalud.com

sdasdfasdfasdf45.com

hefeihuli.com

woxa.ltd

Targets

- Target
  
  09ef9306539a1cd532d9985f3a2856a6_JaffaCakes118
- Size
  
  726KB
- MD5
  
  09ef9306539a1cd532d9985f3a2856a6
- SHA1
  
  3b2c26fff9fbdd0f44eb7d06400c7b0db5c2241b
- SHA256
  
  9b47637ecdf8e69614cb8ab22f9bddc0cc1719eca7f6ae87b0e988b9fb1cfdce
- SHA512
  
  e25d7ac4323e52ad13e9f9729f3a626f2d325d5990a0687fd1f59b87e06b9bca107c2fe5ac12c3a7c1dd92342c2b0887271f101dfd721f862b83de1048c5960b
- SSDEEP
  
  12288:jXfpEdonTdVMYlCZ/PbrabB5wCeSS6l/r1HWW6uPh7zZh5:jXfpEdonTdu8a/PbrkB5wVSBl/r1HWWP
Score

10^/10

formbook private discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2