formbook

General

Target

625959a89a80ab1f8bbd5ab00fe5d7bd_JaffaCakes118
Size

682KB
Sample

241020-p5214sygpb
MD5

625959a89a80ab1f8bbd5ab00fe5d7bd
SHA1

9e6c739f7f55c9741de97ef965061c093cfa31bc
SHA256

f31a6236317cca6357085df19cf0805097ae4bb6f78cf146b8f419d179386efd
SHA512

301cbeeab1a6c08e64f61539934d233fa7eef59a4eeb74d2d698da0f51fef85834d4e239a2e145d6fd5182e86b94086e2ddf28bdcc5ff06f7c741f7e8e01bf6d
SSDEEP

6144:gIPxuedVfSu7JXr6ehPIEUYx+5JFCIaLvevHPH+xNURhmNbaCC:gI5bDtXr76e45nCFevvevU2b6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fndy

Decoy

nerorog.com

gsdyqf.com

spyxcase.com

wassyoiseikatsu.net

binarytotext.online

conflictdynamicsprofile.com

forepast.com

raleighproduction.com

icqbet.net

applesgravity.com

lasmargsdenver.com

wordspanpublishing.com

sozialmediamarekting.com

sanaulahmalik.com

trufflesales.com

rajakreditmobil.com

remoteandfreelance.com

sunny-since-we-met.net

heloisecommunication.com

theatreimagination.com

Targets

- Target
  
  625959a89a80ab1f8bbd5ab00fe5d7bd_JaffaCakes118
- Size
  
  682KB
- MD5
  
  625959a89a80ab1f8bbd5ab00fe5d7bd
- SHA1
  
  9e6c739f7f55c9741de97ef965061c093cfa31bc
- SHA256
  
  f31a6236317cca6357085df19cf0805097ae4bb6f78cf146b8f419d179386efd
- SHA512
  
  301cbeeab1a6c08e64f61539934d233fa7eef59a4eeb74d2d698da0f51fef85834d4e239a2e145d6fd5182e86b94086e2ddf28bdcc5ff06f7c741f7e8e01bf6d
- SSDEEP
  
  6144:gIPxuedVfSu7JXr6ehPIEUYx+5JFCIaLvevHPH+xNURhmNbaCC:gI5bDtXr76e45nCFevvevU2b6
Score

10^/10

discovery formbook fndy rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2