formbook

General

Target

ca78d54d548798fcf44988d3a89433fd_JaffaCakes118
Size

345KB
Sample

241206-cchqjstph1
MD5

ca78d54d548798fcf44988d3a89433fd
SHA1

de519e152e3274523c23d58303f049509be2484e
SHA256

d12401aff6e577ad268923a0310d09931870ad0f5c557245376ca0487e4be96d
SHA512

3841d4e9ae04a2b277637f9cf0f8e18fbe1db4e7fd4ff1dbafbf82f663337113fff98cfc6f0a101922798fd69c51d33b01e5c014248f12330ec2f6cadefb43c0
SSDEEP

6144:idy13tEFvM4Mh/K7v97Z2gVdnkcvpkQHrsPMPVNTS8eAWn7woJQnsviWrX6O:idyT6vM4Mhy7RZvVG6fHBVNTSxAiUiWW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k1rc

Decoy

manchesterflowerwalls.com

hyperhostns.info

leverj.exchange

bringcovidhome.com

natalieball.com

glaseye.com

buyersmeetsellers.net

dronerealestate.net

calfwag.com

hoodhippy.com

prophunting.com

yange03.com

ffpgv.top

valengz.com

handbagsbreeze.com

excellencepi.com

iopsms.xyz

farmacykauai.com

dmarc.press

aridham.com

Targets

- Target
  
  ca78d54d548798fcf44988d3a89433fd_JaffaCakes118
- Size
  
  345KB
- MD5
  
  ca78d54d548798fcf44988d3a89433fd
- SHA1
  
  de519e152e3274523c23d58303f049509be2484e
- SHA256
  
  d12401aff6e577ad268923a0310d09931870ad0f5c557245376ca0487e4be96d
- SHA512
  
  3841d4e9ae04a2b277637f9cf0f8e18fbe1db4e7fd4ff1dbafbf82f663337113fff98cfc6f0a101922798fd69c51d33b01e5c014248f12330ec2f6cadefb43c0
- SSDEEP
  
  6144:idy13tEFvM4Mh/K7v97Z2gVdnkcvpkQHrsPMPVNTS8eAWn7woJQnsviWrX6O:idyT6vM4Mhy7RZvVG6fHBVNTSxAiUiWW
Score

10^/10

formbook k1rc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2