formbook

General

Target

JaffaCakes118_f52385cdf40462b777d24c08f82828b1d28fdfce3e07873c918266686a3914f9
Size

296KB
Sample

241221-yqk9gsyjfy
MD5

0719cc6dc1c4983588fa8c3f1891cbe0
SHA1

93822e20411c38ad9b0d81dc8a2331dd6f1244a2
SHA256

f52385cdf40462b777d24c08f82828b1d28fdfce3e07873c918266686a3914f9
SHA512

5a65601e9efbb11b6931a379c06e68e7add72546ec1a58e5bb746bb8fb638fc54a692f32ee5de8b79ecd446f1da2e335caddf21a8c13235723cdb4bc0493d29d
SSDEEP

6144:iA2cOFiHCoVkUMlFZgsS8Nb7dLmu8i6xhd0KNXU25b0ooEC/fQDgofr10tWte11F:imgmCkMvZg/yb7tmDvxpNXGkwfmvri6q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dyh6

Decoy

ximmgepn.xyz

bonitacandle.com

thesneakerhubofficial.com

miabags.online

maboxhistoire.com

viral22.com

gracebruno.xyz

safetycare.xyz

aerith.store

mountaingirlbbq.com

bhbuildertest-ecom.space

klhcn.com

guizhouhl.top

noreply-engagementboost.com

derdmlaucaty.store

viffetrade.com

iesyttsn.xyz

msumon.com

autoforos.com

carlosmorgan.com

Targets

- Target
  
  maxx[1].bin
- Size
  
  311KB
- MD5
  
  5336c524e14753aeacf55d47d243a5c7
- SHA1
  
  57dd79737e08b2669fec5926fb6d283e36fccee3
- SHA256
  
  58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
- SHA512
  
  9237b2e210b4c9c2a61baec0306d826f0b93fe7f52734ca0fe59a87aa23a453466320ecc49b728ce87bc26d1884e3a7e6b8d0c683497bc10891a5fb88dd5feac
- SSDEEP
  
  6144:mbE/HUbSRS5yHZIHRAFP9+yETiVl4e9hwuIfLNEWNLRlRf:mb/iXsWt9+yFV9auOVfj
Score

10^/10

formbook dyh6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/iglq.dll
- Size
  
  121KB
- MD5
  
  07ed356bb53669a56a3d6d04093d1b49
- SHA1
  
  6c480a1af955ee2633020a0eb2807004fe336f10
- SHA256
  
  c205c4b93e7dff6cf6e2e301b9bc35668448db47913cef5d30ec78cdeeb16aaf
- SHA512
  
  1fbdeb195ca1833b5a0edcb62e535dc4deb61b641638dcd78951d4bb476f11780d91834aad3eb5f3f570ed65b599a372f0688226a805fabdb5785d5b9f32f4a9
- SSDEEP
  
  1536:3MpZYTFQInesu0YimrzaohqUoV8aP8ZXcsx79Ur6xsWjcdMUadSKoatWx2q+V1wM:3dTXJmvvEv8Jsr6+MUPx2qA1whi
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4