formbook

General

Target

30f84d66b850580d08b5a68593d0f790_JaffaCakes118
Size

342KB
Sample

241010-vh6cxa1hpq
MD5

30f84d66b850580d08b5a68593d0f790
SHA1

09e34adc9c9f5b5de584d72a7282de3022208023
SHA256

c5aeea780284df094e25baa02aedae7dac89bb65c3f110499f22588c9e53d522
SHA512

ca2509924e8f92e0b129b4ffb014c052e1197900223dd021f71012ef012a03b2289827fe7a211ac4f966c8fed2fe069bb8498cdd57994c648e270dab413d582e
SSDEEP

6144:Ik/biCJd6lXUPqbdc8XWA1taAnj4Tbwpb2w5xomQ46MQFGVOiRtub6wUjp1eDPW3:I6TdbPqbe8d19kTbQD5xtQUsibhV91+W

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k1rc

Decoy

manchesterflowerwalls.com

hyperhostns.info

leverj.exchange

bringcovidhome.com

natalieball.com

glaseye.com

buyersmeetsellers.net

dronerealestate.net

calfwag.com

hoodhippy.com

prophunting.com

yange03.com

ffpgv.top

valengz.com

handbagsbreeze.com

excellencepi.com

iopsms.xyz

farmacykauai.com

dmarc.press

aridham.com

Targets

- Target
  
  rrk590123c.exe
- Size
  
  297KB
- MD5
  
  668a6855d8ce2efa9f23170bd7c5ac5e
- SHA1
  
  0586ab192841fa947644184d667e81640ea25957
- SHA256
  
  7dcb1ee79eae7ff95e311aa25d0f73f1d89c266a8f609dfd31782054b03c3de6
- SHA512
  
  7070bb748df0445b88c2438dd738967d61f10523a148e6df84088dd0baba36c5a4861685056f024b2f55b8f3bf1a7021a8a5adc43ed7d0580937d1de8c5a87de
- SSDEEP
  
  6144:hsg/lR8Nb2PKfOlQQ7b5q9lDY5m0cW6qpzt1lOMzxGusc7d5iv2:hsg/lmbjzjtMiO5iv2
Score

10^/10

formbook k1rc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2