formbook

General

Target

c691f8063e79e19fa95073108f499b5c_JaffaCakes118
Size

279KB
Sample

241205-h8g2sazqcl
MD5

c691f8063e79e19fa95073108f499b5c
SHA1

f31d24fa592152a6ad2db064eab64652e313ad0d
SHA256

3cc059736bda2e682c4695af39797d7e32d853db835377647abfb850452d43ad
SHA512

b5afa2d9c1de870a4a9efad4f57cf6182ffb605c2e678519e0a7ccdbaac62421a4029f0466758ea576b546c6babbd5758129f5f8530d4156b4f0518d8ca2f788
SSDEEP

6144:5fLl0j/eF+aXHTwqYxyjp9zgOOUvtahUyjz6j:5fKsXUqZPzIUHj

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p7t8

Decoy

bretttaylorphotography.com

wishestodreams.com

tinycase.xyz

delawarewebuyhousescash.com

tiennghimini.com

pechnolight.com

sportslivepaly.com

healthygut365.com

briarpatchgrief.com

thenaturalyoushop.com

paulmackaydop.com

psbetongroup.com

luxuosy.com

sesmaseguros.com

mywhyismenow.info

responsivesleepcoaching.com

dokebimetal.com

goodnightfarms.com

fusionhomepackers.com

tiktok-generatofr.com

Targets

- Target
  
  c691f8063e79e19fa95073108f499b5c_JaffaCakes118
- Size
  
  279KB
- MD5
  
  c691f8063e79e19fa95073108f499b5c
- SHA1
  
  f31d24fa592152a6ad2db064eab64652e313ad0d
- SHA256
  
  3cc059736bda2e682c4695af39797d7e32d853db835377647abfb850452d43ad
- SHA512
  
  b5afa2d9c1de870a4a9efad4f57cf6182ffb605c2e678519e0a7ccdbaac62421a4029f0466758ea576b546c6babbd5758129f5f8530d4156b4f0518d8ca2f788
- SSDEEP
  
  6144:5fLl0j/eF+aXHTwqYxyjp9zgOOUvtahUyjz6j:5fKsXUqZPzIUHj
Score

10^/10

formbook p7t8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2