formbook

General

Target

ae1516fa6f38b6c1a3e865041b869260_JaffaCakes118
Size

809KB
Sample

241129-a4q5wssmap
MD5

ae1516fa6f38b6c1a3e865041b869260
SHA1

367f1be22ba48b9cb65807d36b99775c98208856
SHA256

5f2ffac98f596f2ac911ad825fad722dd8b313ece8a84d0ccbb3d1618fac31d3
SHA512

42cdeb3b7b17b9834711827d58b520f470d6cd37f1b9517082281f8ba85fbf599e4b6c2aae34557eb71dc43af088746cf49534c401b0f37ec3a40bab731a0bd0
SSDEEP

24576:1SxKI7hmtiQw+sF33xRJBbmbkcSIPJtUxeLj8U7:1SNtmtiBN3plwBPJqijN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bkbk

Decoy

myzshouse.com

elimabd.com

iandiphoto.com

k9yhf.com

lalaandthelight.com

spearteam6.com

tdv29mayiskoleji.net

senthamizholi.com

toprooferelpaso.com

homegraphicdesign.com

formas-de-ganar-dinero.online

psgvsfreelive.com

xclusivedispatch.com

qdhizwlti.icu

hananomi24.com

seikobaby.com

cursosinemlinea.com

vintage-transport.com

billings-identify.com

simplepartyplanning.com

Targets

- Target
  
  Scan.Salary.exe
- Size
  
  945KB
- MD5
  
  2350ab7c41c2711d6b12b157e1a3dc34
- SHA1
  
  5b93aceb600c94c186b5a59e04a4bfd661ff0dad
- SHA256
  
  9a51a3cc373a659071b939aabb27ed28c324e0e5ee7eb68967de657158e3c09f
- SHA512
  
  9c20a2946851ce935f341edd1d80325a0cc4c83f3a8a04e3b2eb664b761a81c85650405475a0c35367c1f0766b3f9c108e292d93790730d2f016d5ab0a6d4ace
- SSDEEP
  
  24576:Tl31bUgt734/iCs2sp577Rt7bIlkccI/JSqpP27DGk:Tl3xUu74/iNf7bPef/JSoP27D
Score

10^/10

formbook bkbk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2