formbook

General

Target

JaffaCakes118_5caaa789e3c3ce1fe3ee346ec2dfd10772f28a39366722e6336121ee35d590d5
Size

678KB
Sample

241221-1tam9s1lgr
MD5

fd094ed8502fbb4415f38136f5e4da4f
SHA1

27e6552d2403867442041baf216ff350acdff66e
SHA256

5caaa789e3c3ce1fe3ee346ec2dfd10772f28a39366722e6336121ee35d590d5
SHA512

2c156b704cc18b39c753448160a1bd920330a6f81f25896fd2dd81d895903a85cb28300a54e285019bc3707f49788beda72ab66f1bb5130bfde580e13fd0fc64
SSDEEP

12288:MXJeoVgIby5PCiauGre2sNqjt3u5iaPRmCUtN3H:8JdMCwLqpGigmNH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

np0c

Decoy

spartansurebets.com

threelakestradingco.com

metaspace.global

zjenbao.com

directlyincluded.press

peterchadri.com

learnhousebreaking.com

wonobattle.online

leadate.com

shebafarmscali.com

top4thejob.online

awakeyourfaith.com

bedford-st.com

lolwhats.com

cucurumbel.com

lokalbazaar.com

matter.pro

eastcountyanimalrescue.com

musesgirl.com

noordinarydairy.com

Targets

- Target
  
  5e0f958daabdc82cbcfa5ac5623cc6a9d63f41fcda2a6566fd9942e89537877c
- Size
  
  912KB
- MD5
  
  6caf930675ce780737a076807d3ee237
- SHA1
  
  83bc159d897ac91c2f7fa29708d8899f7fd7d0cc
- SHA256
  
  5e0f958daabdc82cbcfa5ac5623cc6a9d63f41fcda2a6566fd9942e89537877c
- SHA512
  
  3a8abdcca7849c8c2096c5062988ecb29516b3d8d2087e9d5c77704f27491f0aa4c8aafae1b5f1a699fded91b8eee1abf2b97b68e0bc35ea41b71cbca1cde9ea
- SSDEEP
  
  24576:Q+MOQW87bhQxtVU26dnKdSo/awPgNHZ2Kz:Q+rQQxtVUm+HZ2g
Score

10^/10

formbook np0c discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2