formbook

General

Target

JaffaCakes118_91918aed187b8945229b5ee8f97dba97f2dc35bc06f8ea8b47cdd80c7928007e
Size

199KB
Sample

241222-ahk2ravnes
MD5

dd196aa044a31b820c13473749553122
SHA1

bdfe81764e82bbd81f7991d64c781c2b46d08abb
SHA256

91918aed187b8945229b5ee8f97dba97f2dc35bc06f8ea8b47cdd80c7928007e
SHA512

f91977f1d6257b85979a94eedd1a0c3a62c64bda472e4bfd04729e7b5a847913495cad592962217ce0e84a67555e9ad36bd431d84a54a5a7c2ab1b594c78802b
SSDEEP

6144:p35TFvVuHfwJBPHaV2sdV4v7GTxixf8P/4iAi9Wv:ppZwHfwJwV2sz4TKiM/47EWv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m0e8

Decoy

blackseedoil.xyz

howtomakebombs.com

2klvcoj.cfd

omafashion.com

cellpro.quebec

hutclus.online

arcadespor.com

telescopeinteractivestudios.com

lkihpdhz.cfd

ukrainianresistance.net

mymoonreading.com

zxkedzls.com

driverannex.com

bokobsa.com

4769.one

amagare.com

hansarangdosu.com

pathmarketreserch.pro

ohiopropertylaw.com

dbl-click.com

Targets

- Target
  
  vbc.exe
- Size
  
  213KB
- MD5
  
  bc5a96f61123cabe7548508cf1110f17
- SHA1
  
  06c4ef9c85992a67ce7c47f4444a0dfa608ec8b4
- SHA256
  
  cad40a730db37853650add2b302af798fb0eb43cb266f51f78d927d487ad0f46
- SHA512
  
  6e8def6a14f52e8453dd5bdd7fafdfec0e1077c55930dd62874628ebd0be2285efe0f450377aa6e03b05cf12bf3262400d03e8f61ad9d6b8acd62341b3493fc4
- SSDEEP
  
  6144:HNeZmkoyJNxDPG4UFiYt4PiDEMluuQIYVQMY3qnvnS:HNl7YpVUIfP0HMTvnS
Score

10^/10

formbook m0e8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  acopa.exe
- Size
  
  3KB
- MD5
  
  e1bdd88f9c59014060629315d11e8bc7
- SHA1
  
  37abe5447c0697558e5eb2e1a0cb6cd8ea9fda01
- SHA256
  
  4b9a1ccfbdc4d4ce292e46b9a24f16b8ced0b8fa961b7328f542196518a677e7
- SHA512
  
  6f5ecb9bb73f97dcb9892613aac66992dc70323f113d6e45384cfa906152c7ab909d92d616ac8daa861bd752cb1a899317c7c679a0cc88543012b179389cdad4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4