formbook

General

Target

34b98ee11bf18c5f1433e8d0479927cd_JaffaCakes118
Size

868KB
Sample

241011-pdtweswgrl
MD5

34b98ee11bf18c5f1433e8d0479927cd
SHA1

8475a9efb33970e10826b81be8c0ca9254280dab
SHA256

5c641b6db0eefe6714c87ff5b82d14671996c85e9614ba1eb4b036f4ee551dea
SHA512

f9f85b9a0f0d5f894bc49206b4cb3f56a046c7716fcc0c2f9b9ae20ae0c6977bc1c64c1f78c01e9dea58d078699d07b62c330d3946cdf77a4d28bf275091265a
SSDEEP

24576:d+MKgPp9AR95y/BVwUBCqUalFgz7qgEq:fPpKRy//QMFgzxE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4kx

Decoy

eufood.info

theprotestmatters.com

khauchakhajina.com

008usa-xxf.com

backriverroadsportsplex.com

shopalndrinks.com

necght.xyz

summaryborrow.info

mys518.com

shopapemodeapparel.com

christineroseartiste.com

rsw2226.com

ashes-of-creation.com

shamilalyadin.com

learning-synergy.com

sendstats.net

waverdemo.tech

dubestol.com

bolterbunny.com

beerciderrebattes.com

Targets

- Target
  
  34b98ee11bf18c5f1433e8d0479927cd_JaffaCakes118
- Size
  
  868KB
- MD5
  
  34b98ee11bf18c5f1433e8d0479927cd
- SHA1
  
  8475a9efb33970e10826b81be8c0ca9254280dab
- SHA256
  
  5c641b6db0eefe6714c87ff5b82d14671996c85e9614ba1eb4b036f4ee551dea
- SHA512
  
  f9f85b9a0f0d5f894bc49206b4cb3f56a046c7716fcc0c2f9b9ae20ae0c6977bc1c64c1f78c01e9dea58d078699d07b62c330d3946cdf77a4d28bf275091265a
- SSDEEP
  
  24576:d+MKgPp9AR95y/BVwUBCqUalFgz7qgEq:fPpKRy//QMFgzxE
Score

10^/10

formbook 4kx discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2