formbook

General

Target

JaffaCakes118_b44c523e72fa82f2d7a8b894ef7f06822998d5a5c37fe623a299827fa353c71c
Size

961KB
Sample

241221-w4e9aawman
MD5

de3894996a3c8e32df8864476fc20b58
SHA1

0b2245cee8b9a78dc8125611f1f2daea93832266
SHA256

b44c523e72fa82f2d7a8b894ef7f06822998d5a5c37fe623a299827fa353c71c
SHA512

b3d89fd73e88e4b04743b7f4b18d5556b56be0befbbb6f3669d438fcae73bc2532cc2b9f32ceeebf6de431496eb9d4c4c25b780db0b11697e1c51e15ac1d2985
SSDEEP

24576:yE5uFzvd89ZniVbMFxhVdtqdYXyr+kHlVgvb3:yYuFrdcZnqbXYXyfF6b3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmtr

Decoy

kocnetelgroup.com

william-and-alexandra.com

overseasdata.com

the-wild-wild-east.com

analistaweb.net

hybridkarts.com

secure-apple-ld.com

semjasessprx.com

ahaa.store

9maskgame.online

bellydancer-cicycai.com

qy35tc.com

immopix.net

catarinayamamoto.com

binvestcrm.com

mycsource.com

cookedonpropane.net

melmorg.com

mattkalita.com

animalkitchen.net

Targets

- Target
  
  Benetti yacht Enquiry.exe
- Size
  
  1.1MB
- MD5
  
  ea25c184df955f5e4382ce73fe3eb6bb
- SHA1
  
  da5ed9ab355a3e5912c3186e3c372b68ffddd8c1
- SHA256
  
  b4932161d592d2b1c33be7ef495b873434ea47f9031e44b31338a041b22394ba
- SHA512
  
  7fc6bce7097865be62bf45064120e24bbfef026adcef39ad99dbb6533fd7c4de471a67c5982ca930ba8955e991fa92fdca12c8bf1c3f97c0b9077c8a82b661b5
- SSDEEP
  
  24576:cFOsBgo0q4wMMBmCmTOUd+L6kaXWUp5xzc0B4p+v/5QjK5pqiebU:cEoHMUmCm6Ud+zaXPJcaW+H5QjspqieQ
Score

10^/10

discovery formbook gmtr rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2