formbook

General

Target

JaffaCakes118_9bc1a422f3522681ccb93abd9969e8defc504891d7cf76e4e292fcdd8abab523
Size

620KB
Sample

241221-1qwrbs1lal
MD5

f5fb57d0b5f7d67bb90281036e50d8ac
SHA1

694c73d05de2a39a054af1f4828d36337730f13b
SHA256

9bc1a422f3522681ccb93abd9969e8defc504891d7cf76e4e292fcdd8abab523
SHA512

4b0ec601df0d46e0e2bd195eebec65c41ffe9590ff035fabe45481ee26d8156cc12e0a2b90c449afc3340089da58d0c51666f02405bed4fb03ce8355beb3e4b6
SSDEEP

12288:QeP9lDtFC/nOB+QM11Lkht99PBxg6ZaRWRb+2SupD9OA9L2s:QePPX8LXrkh9b3aRW/vpD9HL2s

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fw6

Decoy

rashtriyasanghsewak.com

filestree.cloud

penoner.com

owliwant.com

elkincook.com

jhac16kaizencollection.com

shalomdentalavenue.com

hotelsbytheweek.com

cookwithchefcari.com

threattenterprises.com

sanookna.com

tlsbuilders.com

softandhardshop.com

ppr419.com

powertexinc.info

businessandhr.com

yiliao2020.com

eiman-pro.com

rhondarothrealtor.com

junk-service.com

Targets

- Target
  
  f90cb1f05b1e7aa348fed6d67c0f200047eeff0592ee1a9b2f3c19cbde295ab6
- Size
  
  719KB
- MD5
  
  d11d1c567f73e6900540b9f2c6755df0
- SHA1
  
  e0a62d36c02a31cdda04bb2c1741a53db0930e37
- SHA256
  
  f90cb1f05b1e7aa348fed6d67c0f200047eeff0592ee1a9b2f3c19cbde295ab6
- SHA512
  
  63f21affd9036c2fcee31a8ed2abe276193e13713b1b9c9ea3000d3a2fe45e2a9867b5449e3ccf0b242541f1d8489d7e2ab5d1de5643c7364d3aeab659422f69
- SSDEEP
  
  12288:7w124xpCTdX4zuvOBHnpOiyevB2x2ei2uVgpfbTA1NFNgwZ1AtnJlC2OTPmE3KcY:7RRXMJ02Ex5id6DT6HB1ATlC2OK
Score

10^/10

formbook fw6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2