formbook

General

Target

5bb908bc26d924f82881c7b6bacab8cd_JaffaCakes118
Size

904KB
Sample

241019-kazkaawenh
MD5

5bb908bc26d924f82881c7b6bacab8cd
SHA1

9d2be3781553beefc962f0915cf0efd62a60f71e
SHA256

000c575f75146d5a79c2f0c6a3e60dd6544815c0937fec71418efa90ac0f6443
SHA512

fd5b00565bc2c40ed7edaa316ea4efd4fb7341a8e346b239bb308c1072673236f4e4c2fc87bbe4d5fce357977fc2f736724990bf85b17af163797e60e12e5b5d
SSDEEP

12288:ADhHB8r1nmaZw413xiUk0FZ9LqCWAITNwcUOpkSkkFNpYmK7MhfIsMfK1oe+r0um:X1nXtPi6FfLqCzITNpmbmI4q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

frf

Decoy

v7fg.com

vistapens.com

allthingsxbox.net

lishanshan.site

smartcontracttransportation.com

wwethunderdom.com

aromasdebrasil.com

wearingtoday.net

generacioneschurch.com

driversmov.com

pranasiouxfalls.com

asianamericannews.com

twinslifestyle.com

37pepler.com

ingelech.com

hutzelcontracting.com

open24-banking.com

therainbowmixpodcast.com

sudgallery.com

dreamme.xyz

Targets

- Target
  
  5bb908bc26d924f82881c7b6bacab8cd_JaffaCakes118
- Size
  
  904KB
- MD5
  
  5bb908bc26d924f82881c7b6bacab8cd
- SHA1
  
  9d2be3781553beefc962f0915cf0efd62a60f71e
- SHA256
  
  000c575f75146d5a79c2f0c6a3e60dd6544815c0937fec71418efa90ac0f6443
- SHA512
  
  fd5b00565bc2c40ed7edaa316ea4efd4fb7341a8e346b239bb308c1072673236f4e4c2fc87bbe4d5fce357977fc2f736724990bf85b17af163797e60e12e5b5d
- SSDEEP
  
  12288:ADhHB8r1nmaZw413xiUk0FZ9LqCWAITNwcUOpkSkkFNpYmK7MhfIsMfK1oe+r0um:X1nXtPi6FfLqCzITNpmbmI4q
Score

10^/10

formbook frf discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2