formbook

General

Target

5615be335807b5eb2d4c9f59f5f914dd_JaffaCakes118
Size

809KB
Sample

241018-hxxm4atdmh
MD5

5615be335807b5eb2d4c9f59f5f914dd
SHA1

8c4dfb652aced72e0fa9630f8b0146ef9f80dc9b
SHA256

d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b
SHA512

0b759914251a21212f944e0d215fc7e8ac4c55c96b5b8520f26ab0a5d5111d6760c75bb510756ed2c4591fa7ab3a908ff5a299897e16d4dd461cc3969e1cacd2
SSDEEP

12288:PEQoWX2y6qHcwTeGKJEq/y6INX6LRgU7e9gl8YWvroHcHuPJnBOUu7+OrFjL8DP:KweGq/wKgDefLbt2+OrNcP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

glgd

Decoy

cdcbullies.com

qidajixie.com

bgimlv.com

sunflowerhybrid.com

kemal.cloud

canadadirect.net

mickey2nd.com

fastjobssearcher.com

tiny-tobi.com

inmedixequus.com

coollifeideas.com

triadelectronicsupply.com

lambyo.com

zxyoo.com

spokanemusicmag.com

sortporn.com

deadroomnyc.com

313mail.com

hexiptv.net

stanbiccargo-express.com

Targets

- Target
  
  5615be335807b5eb2d4c9f59f5f914dd_JaffaCakes118
- Size
  
  809KB
- MD5
  
  5615be335807b5eb2d4c9f59f5f914dd
- SHA1
  
  8c4dfb652aced72e0fa9630f8b0146ef9f80dc9b
- SHA256
  
  d6b9ef1899c1b113371f34db9d306763e20d9dc759fb9975982a53e6a11b1f5b
- SHA512
  
  0b759914251a21212f944e0d215fc7e8ac4c55c96b5b8520f26ab0a5d5111d6760c75bb510756ed2c4591fa7ab3a908ff5a299897e16d4dd461cc3969e1cacd2
- SSDEEP
  
  12288:PEQoWX2y6qHcwTeGKJEq/y6INX6LRgU7e9gl8YWvroHcHuPJnBOUu7+OrFjL8DP:KweGq/wKgDefLbt2+OrNcP
Score

10^/10

discovery formbook glgd rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2