formbook

General

Target

JaffaCakes118_46ccd7e9a3a8e24617a1a4b86de35b63b78e7f3b2472e9f920dc0fc691835dcd
Size

715KB
Sample

241221-1jh7nazqew
MD5

c039a23e7e5edb457bfb956e0ed636e4
SHA1

1d6e73d8cd6fd9a03e05b2ccb7c04d2348fa5afb
SHA256

46ccd7e9a3a8e24617a1a4b86de35b63b78e7f3b2472e9f920dc0fc691835dcd
SHA512

e0e02d50c0b43607fc50b5bdb89cf33c759d71d14efcd495842d34b861921d83cc1803435e1090a89c9bf11756e5d15514789a65fc5c1c96d34609f75c84d6db
SSDEEP

12288:5TISC1bCfTSEzVMWm1YdOhLrZE+9V6hXcZmrbzpPsfHxTT3i0nk8Y4yJDP9wCgxi:5TxC1OfBJwYdOhXK+8b9Pq5T3i0kBZ9R

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g25e

Decoy

2491254125.xyz

hookd.gay

uxmelange.com

startupvision3.com

evanwoosley-reed.com

uspalupdser.info

lx0599.com

grupoiaez.com

londonpapershop.com

cremas.store

risespec.com

olivierverdoyant.com

creatednow.com

epicureanhometreats.com

iqijp.com

vcraftboutique.com

furnaristudios.com

dealsgolf.com

djwoojs.com

boatslave.com

Targets

- Target
  
  608355d27f442ae5c435b22fa9c5757fe324ad753eb48755cbd92b8aa1e161ee.exe
- Size
  
  1014KB
- MD5
  
  7d420aa49e35f1af9427ebb0ba555027
- SHA1
  
  c052fae4e080073d322aaaf185a35767d2c35c2f
- SHA256
  
  608355d27f442ae5c435b22fa9c5757fe324ad753eb48755cbd92b8aa1e161ee
- SHA512
  
  b7f3c69c7ab137407d578fa41df21fdb3578ee6ea9f044f2a9555775059f6171f594d9ce229acd15d3625f813a9f85d521f84aa12b4a1671a3cf0f470ccce3c9
- SSDEEP
  
  12288:IlIKqEaiIj/C51Wy+p9rokT3SQmu/fz3c5aSIOknAyanFtAxEcm8:4IDdjO1Wp9rokT3PHzMN9CAnPAxFm8
Score

10^/10

formbook g25e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2