formbook | 6b0af32dca1211680c0879e37e91f18fcb57f1e93dd54df4e0ed098efca7825e | Triage

Sharing

General

Target

6d782a7bdce2d6f9cb086f77aa27d4cd_JaffaCakes118
Size

922KB
Sample

241023-g32zbsvfna
MD5

6d782a7bdce2d6f9cb086f77aa27d4cd
SHA1

19adeaa2cc3413795759d85d38f0239a5b3dd2c1
SHA256

6b0af32dca1211680c0879e37e91f18fcb57f1e93dd54df4e0ed098efca7825e
SHA512

8ea10ebb27b54385a68b8dbbc043c57f8f85aff801aebe4c0d0b75778e3dd3281727a7d1a4c77cfd435cc2813c0f55a641c6f0bb89849b98ff489e924d4904a3
SSDEEP

24576:y/aIfsXeIGu5vozpnaqRSV6InF+gKboyA:/IfsOtu69aqRSV80yA

Score

10^/10

formbook jdkn discovery execution rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jdkn

Decoy

salkblend.com

theourworld.foundation

microsoftofficeweb.com

7mi3.com

eltoncastee.com

threeingredientcocktails.com

vibecity.online

moka-s.com

mezo-meats.com

goldbarrbrand.com

pildoreando.com

pbqjm.com

xiaoshuhr.com

gaythemedfilm.club

fuckedupforpay.com

realengolife.com

vstarnailsandspa.com

bodurm.com

alphaden.club

sanatanies.com

Targets

- Target
  
  6d782a7bdce2d6f9cb086f77aa27d4cd_JaffaCakes118
- Size
  
  922KB
- MD5
  
  6d782a7bdce2d6f9cb086f77aa27d4cd
- SHA1
  
  19adeaa2cc3413795759d85d38f0239a5b3dd2c1
- SHA256
  
  6b0af32dca1211680c0879e37e91f18fcb57f1e93dd54df4e0ed098efca7825e
- SHA512
  
  8ea10ebb27b54385a68b8dbbc043c57f8f85aff801aebe4c0d0b75778e3dd3281727a7d1a4c77cfd435cc2813c0f55a641c6f0bb89849b98ff489e924d4904a3
- SSDEEP
  
  24576:y/aIfsXeIGu5vozpnaqRSV6InF+gKboyA:/IfsOtu69aqRSV80yA
Score

10^/10

discovery execution formbook jdkn rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

formbookjdkndiscoveryexecutionratspywarestealertrojan