formbook

General

Target

9b8ae24db4bf6a9b1201e78b70788ac9_JaffaCakes118
Size

461KB
Sample

241125-pwgntaxjcv
MD5

9b8ae24db4bf6a9b1201e78b70788ac9
SHA1

443a86c866e28a90413560f2f76947ee9abff4ff
SHA256

5729e17f6dd0c37811c10ffdf485d673ab67dcdc730d0e33ba9701a2e5801b11
SHA512

3d49fda058664ee07ef34e3d227de589cc844680b26106d46b63c86837b24ed0e44379bbf68b86adbb54ad5fa9291110732affb8ad1048858f069db78543b8aa
SSDEEP

12288:lUomEFRu3xEPEy8y6WX9aSqPIvaVJnwHZcQB0:jmOMSPEi6aKVJnqZcQu

Score

10^/10

formbook et discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

et

Decoy

askvest.com

lsrp-gaming.com

uugan15.com

smokinpenguin.com

sarandipiagaldar.com

utattemimasita.online

hhay.ltd

reje.ltd

jianzao360.com

myzenithcity.com

intentionallydope.today

javacacaepesca.com

publicservicebot.com

brucesilk.win

akbankdirekttmobile.com

topminidiggers.net

mycarpooltunnel.com

etfs247.com

edsouthey.com

objektschreiner.info

Targets

- Target
  
  9b8ae24db4bf6a9b1201e78b70788ac9_JaffaCakes118
- Size
  
  461KB
- MD5
  
  9b8ae24db4bf6a9b1201e78b70788ac9
- SHA1
  
  443a86c866e28a90413560f2f76947ee9abff4ff
- SHA256
  
  5729e17f6dd0c37811c10ffdf485d673ab67dcdc730d0e33ba9701a2e5801b11
- SHA512
  
  3d49fda058664ee07ef34e3d227de589cc844680b26106d46b63c86837b24ed0e44379bbf68b86adbb54ad5fa9291110732affb8ad1048858f069db78543b8aa
- SSDEEP
  
  12288:lUomEFRu3xEPEy8y6WX9aSqPIvaVJnwHZcQB0:jmOMSPEi6aKVJnqZcQu
Score

10^/10

formbook et discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2