formbook

General

Target

5da37b461ae4c329da6de8b9bc35709b_JaffaCakes118
Size

291KB
Sample

241019-vdpjlayekn
MD5

5da37b461ae4c329da6de8b9bc35709b
SHA1

f2514d654aa685c01f77176186ebab163757530d
SHA256

c4d47153405e6371ce64b331bed9178e45c5f54bfba505375d6d8918e68216b9
SHA512

24b6d66a5775ca3cdb816725b467a2991b825b7ed8b95ef64f523080ddf911f05198afeb2e30c986f9a208bc334fbb9b00eb21091c705ed5c591d9f437df0462
SSDEEP

6144:+nLbAxPs3oamUIsFWbmv3phOsWqRLOy0BxJgLBI:+nHqk3ojAplR6ygYL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c244

Decoy

ssgasija.com

procyoon.com

mood-street-food.com

yeglifeview.com

baoyai.com

sundarsheni.com

notoli.photography

sweetape.com

ergas.group

asyrill.com

jin188v.com

stlazarushospitalnola.com

dohertyfamily5.com

duniaclubs.club

ngobryles.com

scottsavocasalon.com

unifiui.com

baileyfred.com

nabiagency.com

alyssaternanphotography.com

Targets

- Target
  
  5da37b461ae4c329da6de8b9bc35709b_JaffaCakes118
- Size
  
  291KB
- MD5
  
  5da37b461ae4c329da6de8b9bc35709b
- SHA1
  
  f2514d654aa685c01f77176186ebab163757530d
- SHA256
  
  c4d47153405e6371ce64b331bed9178e45c5f54bfba505375d6d8918e68216b9
- SHA512
  
  24b6d66a5775ca3cdb816725b467a2991b825b7ed8b95ef64f523080ddf911f05198afeb2e30c986f9a208bc334fbb9b00eb21091c705ed5c591d9f437df0462
- SSDEEP
  
  6144:+nLbAxPs3oamUIsFWbmv3phOsWqRLOy0BxJgLBI:+nHqk3ojAplR6ygYL
Score

10^/10

formbook c244 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2