formbook

General

Target

JaffaCakes118_0c242b3070604e61d00c166a49f2f1bcc89af192ab19947246891420e7d9c7b7
Size

437KB
Sample

241221-3et5gatper
MD5

4d8e281d79ba2dfbb54656b2c7e5dc16
SHA1

bd2a8d29b1493403d0cb464080ab3768f99519a2
SHA256

0c242b3070604e61d00c166a49f2f1bcc89af192ab19947246891420e7d9c7b7
SHA512

7d6bc4ac8eba88f3e2e09d1d411a3a764e1c353b89cba59e36572e6ef6ab430d86097d07682a56a333c21f863ed1ee1821773f790dbfb35a69d07959794960d9
SSDEEP

12288:Rd8MoATawhfRArE/Y33kZAUuRr4yhUYcwFAchHVoB:vPoAWwhf0EwkZjux4yheCAchVe

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a34b

Decoy

overse.biz

thecarths.com

bouw-service.net

xn--9kq93eezbv99d.com

rf-deer.com

cantas.site

prestizh-pol1.online

fxptjs.com

diarypedia.com

delawareescaperoom.com

ios-buscarbr.com

ahhcarina.com

queernurseconsultants.com

xycp6288.com

swamplilys.com

purposefulliving.site

rockverse.biz

assistantsincrypto.com

avantes.club

themuseumwithoutwalls.com

Targets

- Target
  
  Oversea Sales Purchases..exe
- Size
  
  527KB
- MD5
  
  1fefd4454f760fd94bcec743b13e6c6b
- SHA1
  
  4caa024e1494738b1951f58ff382b3c1479be067
- SHA256
  
  e98fbae65e642aef0ad45e52f3154a698ad6274c13e1d13e444b40b4882727bf
- SHA512
  
  e68e6e2e973e0d323b6801f4ad380adaf655a09ce99deaf227fcb97a371929f832a5246e25ede75d076f756797e069a0ebc039ba1e5e079c8cda1abb5fa958a4
- SSDEEP
  
  12288:YPPKGTI6yju065y4ypCAervisF/gvz3d21BKoiqtD001SyZvXjQbaD6:4PxI1juT5yNpC9im/Ez3dsBd/C0
Score

10^/10

formbook a34b discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2