formbook

General

Target

JaffaCakes118_f48a16e3da0c253c8d6e017129afab39e789b84acc445bba0cb47f1a79daa074
Size

227KB
Sample

241221-yfptxsxraq
MD5

e2283305d7740e0ce0a1537311775eaa
SHA1

bb44c23e5d38ed3fa0f17f988ca3d11bc72e54af
SHA256

f48a16e3da0c253c8d6e017129afab39e789b84acc445bba0cb47f1a79daa074
SHA512

a46f5af5d78f1d95efd57be4ec99b7c23416c3dea87a1e6928570e688870592cdc3f152ba7908f8c0d55e786efa816c47f5c45f6b4e173b0230eb743f08da85f
SSDEEP

6144:fp8MoEU5DW5ZyX9nNG2N/zsdIWvrUNyUOllY3I:Rrol5KZyxb1zs2WoNypy3I

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Targets

- Target
  
  a328bc2d66baa94dc748b1a450a0ede9601ff9ccec5ff2cfd043e669383ba295
- Size
  
  240KB
- MD5
  
  5c52be5501bfd96e7aa76bfa04b54e00
- SHA1
  
  83efb1f56aff4dd969222f6ffd747be0a6d7a072
- SHA256
  
  a328bc2d66baa94dc748b1a450a0ede9601ff9ccec5ff2cfd043e669383ba295
- SHA512
  
  fed8633986c845d02d1a4a791d23fd0c4850b70b5e9ad2f7a107b350a7fccc7b991c2c061dbd13efc7649bcf773d456eed068deaa7e56c25cfff19894096de20
- SSDEEP
  
  6144:HNeZmwyfaJ1I8cPNeraTn7t7OgwtQ5KzlQJzRRjaXNya5:HNlhCvI82jF7OPtQEUzRRu9ya5
Score

10^/10

formbook mh76 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  agvoj.exe
- Size
  
  65KB
- MD5
  
  7e62ddeae0b2e64a1e2a2974d98a1c68
- SHA1
  
  133f1f1ab8d1c223556ca51e4295d190ba9d0a59
- SHA256
  
  58455bbff5636ff36755899c69ca4483f99a3fb0a7d5803cb8699d25e669f9e0
- SHA512
  
  94d3e72000b82d31c0c2401935108e33e5abfa92ab525ca0ddbe6084c300150125d9787df4fa0805501b8c2f7b1ebd37d2301731a9ea07a26f66498ddab30779
- SSDEEP
  
  768:AE0PommYXs53e6XRW/bqFb137/3u/9W0tSJi3TNKtc8WiMc0sWjcdZFHMC+9P:/J53e6h8b+3zA9JQc8FMTsWjcdZW
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4