formbook

General

Target

b156ebc4529e10eafdd3a7a22193e892_JaffaCakes118
Size

223KB
Sample

241129-p2djca1kdk
MD5

b156ebc4529e10eafdd3a7a22193e892
SHA1

9b123124f0da7d54e0185256853aa9a98d015fdc
SHA256

6d5c7a67d4be55d1bc629e30053d4a143ce1b27f681e5a426e00bf99784b31eb
SHA512

717dfd96fd65c2477942fea0bd5712f7bd11ee8603f49d75d4995c44fe33b278ce28dc18358c940ae7fc92f906011ee80c290b798a90f1c7c27b8b5f7ce61bdf
SSDEEP

6144:AJsrgPaJ/lSAvspsCTIHDKfqxxX7pXmBg:AHi/l2sCcjmiX7pXmBg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hdno

Decoy

tasteofsteak.com

lovedemingamerica.com

arizonaad.com

allbeautystation.com

theskinnybody.net

mywashbuddy.com

newspeak.watch

groomgarden.com

recommendproperty.com

pingshanhai.com

tianzeelectric.com

5335466.com

derbyescorts.com

quincyfreemannovels.com

ppeexchangeus.com

thesandcapital.com

natura.frl

twobonus.net

irx1.com

333lucky.net

Targets

- Target
  
  b156ebc4529e10eafdd3a7a22193e892_JaffaCakes118
- Size
  
  223KB
- MD5
  
  b156ebc4529e10eafdd3a7a22193e892
- SHA1
  
  9b123124f0da7d54e0185256853aa9a98d015fdc
- SHA256
  
  6d5c7a67d4be55d1bc629e30053d4a143ce1b27f681e5a426e00bf99784b31eb
- SHA512
  
  717dfd96fd65c2477942fea0bd5712f7bd11ee8603f49d75d4995c44fe33b278ce28dc18358c940ae7fc92f906011ee80c290b798a90f1c7c27b8b5f7ce61bdf
- SSDEEP
  
  6144:AJsrgPaJ/lSAvspsCTIHDKfqxxX7pXmBg:AHi/l2sCcjmiX7pXmBg
Score

10^/10

formbook hdno discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2