formbook

General

Target

JaffaCakes118_33f782353f73f79b79a704b5a1e66c39eea8d06cd4196c74f5ec68ed40b372a7
Size

437KB
Sample

241221-zxqyzszkgs
MD5

cc96e918955e978d8d053c54cce95314
SHA1

0923b4cf99baa7e65663286fa94c4641a99b58aa
SHA256

33f782353f73f79b79a704b5a1e66c39eea8d06cd4196c74f5ec68ed40b372a7
SHA512

7413dc71cd7b92d5738f829ec51e7507dcd413cd0da5ee2741c1fb6624b25894b4061f95eec32a305e746e8baa035b360d9fa9b1679b734088e12a21577b0806
SSDEEP

12288:meBfEtRZQYgNIUTxc4BXOHU7J9HnuBmsxwE:meyRZEiAlBXO07fu0sx

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a34b

Decoy

overse.biz

thecarths.com

bouw-service.net

xn--9kq93eezbv99d.com

rf-deer.com

cantas.site

prestizh-pol1.online

fxptjs.com

diarypedia.com

delawareescaperoom.com

ios-buscarbr.com

ahhcarina.com

queernurseconsultants.com

xycp6288.com

swamplilys.com

purposefulliving.site

rockverse.biz

assistantsincrypto.com

avantes.club

themuseumwithoutwalls.com

Targets

- Target
  
  Oversea Sales Purchases..exe
- Size
  
  527KB
- MD5
  
  1fefd4454f760fd94bcec743b13e6c6b
- SHA1
  
  4caa024e1494738b1951f58ff382b3c1479be067
- SHA256
  
  e98fbae65e642aef0ad45e52f3154a698ad6274c13e1d13e444b40b4882727bf
- SHA512
  
  e68e6e2e973e0d323b6801f4ad380adaf655a09ce99deaf227fcb97a371929f832a5246e25ede75d076f756797e069a0ebc039ba1e5e079c8cda1abb5fa958a4
- SSDEEP
  
  12288:YPPKGTI6yju065y4ypCAervisF/gvz3d21BKoiqtD001SyZvXjQbaD6:4PxI1juT5yNpC9im/Ez3dsBd/C0
Score

10^/10

formbook a34b discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2