formbook

General

Target

JaffaCakes118_af3c7e6a0a3a7820032073ec956416dd3f8c9248a485753403b95adf43a31c2e
Size

199KB
Sample

241221-zzwx1szlcw
MD5

5cc7dd215491c935f32230419e6030a0
SHA1

32631179cce3ed6daadfba1f2c36600ae7b1d976
SHA256

af3c7e6a0a3a7820032073ec956416dd3f8c9248a485753403b95adf43a31c2e
SHA512

d223f88a3b8000d83ee2ad4347c2c26ecb083a09a2069d6598677a32bc4308802ab44c689b0baea58a4cfbb10b35bdc611227cfd2e71d5730793cb9de159e7fd
SSDEEP

6144:PDZTHpP2+kD4mM5ANP5Utuv06w8My8dU/TXv1:PDZTHpu+kD475ANPutucxWBLv1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Targets

- Target
  
  Ziraat Bankası Swift Mesajı.exe
- Size
  
  213KB
- MD5
  
  f2709d58d0876f2f996e3ed7f80e8a35
- SHA1
  
  4c86929c776b27a80de42113963e8ba309e67bb7
- SHA256
  
  66a3bd7fa8f6c6f0fbeb6afa6f5b13ae1c2e09600d17e49d94556f680f5a277b
- SHA512
  
  46aebb672626ea7924ab256782ce7a1c0de9b5ebf9da794e8edb886a187b47a719f79886f60849df46b37f5cff39250d208703339ce0c4e44f4fb6c40cabd9a7
- SSDEEP
  
  6144:HNeZmx8VObAOHDOScqKwgSTwB95PnbjbvLAZSOgAurZAm/qY:HNly4bfySXK5n5PbjbHRhZABY
Score

10^/10

formbook mh76 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  aqfvej.exe
- Size
  
  3KB
- MD5
  
  8762d96314aa376a765ea0ab07cb9637
- SHA1
  
  8e91d715bc8a617d2b2fe81dc0b6ffce1e3bafb5
- SHA256
  
  428ffb3962cd0c5758cf842792b131bcecb57a8014b42af2820395277b6a5574
- SHA512
  
  a366b2d2506852eb589aa2a1a3360413d48d6b081a23e131f4c6c12f9b65afa0db87d3d533da6d299c5a6f8903a76be1bc59a7235088ebe7b257daef67866b94
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4