formbook

General

Target

19e4c0e192b1966e105f7cdc815d4861_JaffaCakes118
Size

877KB
Sample

241006-1pfnqa1hqg
MD5

19e4c0e192b1966e105f7cdc815d4861
SHA1

201261501086a6ca7511206ebf17232af50706b8
SHA256

e2ab98687c215cc7f4e84d11bdcc6a83d797944132901cbbd6b1c23a47efba08
SHA512

9bd0a604aa0df102503e7bf9b5b70c8b7740a365009e3755ed3eca4f8da85568ed6c1fe9810f734096c667705fc1c5d3c1fe4369d47912fd90c50aeb81b1a641
SSDEEP

12288:YVqGUslKAn3qGaNHEyC9/oR9gy5FHK7zcRLL+UVdgYjksp/4e6xrZ9dh6tLxgvvl:YnKAPp9AR95yOLL1jkwg3xVl6tu1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

chad

Decoy

osiribodhisattva.com

e-ticaretdostu.com

integrocapitalllc.com

pasarbb.com

curavy.com

efcomportamento.com

twittertornado.com

siyhy.com

roamnext.com

hongduen.com

urbaanmarket.com

davidcavanaghreplays.com

comperhouse.com

ne-nerede.net

m365fordevs.com

structuredadvocates.com

withalldads.love

assanamusic.info

oshaberi-machiko.com

mollyellen.net

Targets

- Target
  
  19e4c0e192b1966e105f7cdc815d4861_JaffaCakes118
- Size
  
  877KB
- MD5
  
  19e4c0e192b1966e105f7cdc815d4861
- SHA1
  
  201261501086a6ca7511206ebf17232af50706b8
- SHA256
  
  e2ab98687c215cc7f4e84d11bdcc6a83d797944132901cbbd6b1c23a47efba08
- SHA512
  
  9bd0a604aa0df102503e7bf9b5b70c8b7740a365009e3755ed3eca4f8da85568ed6c1fe9810f734096c667705fc1c5d3c1fe4369d47912fd90c50aeb81b1a641
- SSDEEP
  
  12288:YVqGUslKAn3qGaNHEyC9/oR9gy5FHK7zcRLL+UVdgYjksp/4e6xrZ9dh6tLxgvvl:YnKAPp9AR95yOLL1jkwg3xVl6tu1
Score

10^/10

formbook chad discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2