formbook

General

Target

4f3166df8a983e08948f066db754bf07_JaffaCakes118
Size

927KB
Sample

241016-1ltq6svbph
MD5

4f3166df8a983e08948f066db754bf07
SHA1

ae408b256eee4391535a6e965fa9df5858731b55
SHA256

4cc3c108df5e861d0fb0dcc7f4bcf8c7d717636204f5e0d242a316ce9475bf4a
SHA512

ad1b17515cba647dba74d97bd90f152bd42339962721233382692e6caa2be3fd65de5c30d7c47b711ce5f2e4fc5734fb7f0b055a8eff298e0ba0f294888bca46
SSDEEP

24576:HTLNnHzTuuJwS8xsniyXVVmX9IgK3KboM:HThnHzTL2DCiOcNI560M

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

amb6

Decoy

segurocars.com

rylautosales.com

xinglinjiankang.com

dantil-brand.com

sofaloffa.club

coinclub2.com

ez-pens.com

gqtlqsw.com

robotnewswire.com

ktproductreviews.com

merchbrander.com

yesonamendmentb.com

losgatoslimos.com

kristincole.art

metalmaids.online

leftcoastmodels.com

athetheist.com

jblbusrtingsale.com

chungcugiarehcm.com

renblockchain.com

Targets

- Target
  
  4f3166df8a983e08948f066db754bf07_JaffaCakes118
- Size
  
  927KB
- MD5
  
  4f3166df8a983e08948f066db754bf07
- SHA1
  
  ae408b256eee4391535a6e965fa9df5858731b55
- SHA256
  
  4cc3c108df5e861d0fb0dcc7f4bcf8c7d717636204f5e0d242a316ce9475bf4a
- SHA512
  
  ad1b17515cba647dba74d97bd90f152bd42339962721233382692e6caa2be3fd65de5c30d7c47b711ce5f2e4fc5734fb7f0b055a8eff298e0ba0f294888bca46
- SSDEEP
  
  24576:HTLNnHzTuuJwS8xsniyXVVmX9IgK3KboM:HThnHzTL2DCiOcNI560M
Score

10^/10

formbook amb6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2