formbook

General

Target

JaffaCakes118_9ccf7bbf3976192a258abb12b5135606fbe990f55a042137fc0041a9a314b0d9
Size

649KB
Sample

241222-aw1dlawmer
MD5

87bfe4cc381f19c61944bfa62e43094d
SHA1

9ad20001a4c17e6df691e5c381603b66a461852a
SHA256

9ccf7bbf3976192a258abb12b5135606fbe990f55a042137fc0041a9a314b0d9
SHA512

a4ca7eb049f81dfcbc51f1a10d3752c9385da9dfaf764f567470a187aed48985d86013daa93a10f66910708e2410e51ee7ddcb6ca360362c1cf4ff538d0bfd4f
SSDEEP

12288:bqJv0HoGTFaBH+N2FHxmCO8Uvho28OIK+ax0F2M3bTPiWxbdf4uXyc:bMw5pA+E5xmCO8Ua2+TXiWxx4KR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fw6

Decoy

rashtriyasanghsewak.com

filestree.cloud

penoner.com

owliwant.com

elkincook.com

jhac16kaizencollection.com

shalomdentalavenue.com

hotelsbytheweek.com

cookwithchefcari.com

threattenterprises.com

sanookna.com

tlsbuilders.com

softandhardshop.com

ppr419.com

powertexinc.info

businessandhr.com

yiliao2020.com

eiman-pro.com

rhondarothrealtor.com

junk-service.com

Targets

- Target
  
  DHL_AWB_NO#907853880911.exe
- Size
  
  871KB
- MD5
  
  431b60e72869b18bfa6c9fad65b9e72d
- SHA1
  
  57b840752045ce062c2c71fb4c1fa15eef23c3e2
- SHA256
  
  5298c6b4b9d91cb0847c4411c267390e94fe45c870d49aeb84956244114d2ed3
- SHA512
  
  83422a108fc37951e2f425fde3273d8baae1aadc60e0775b2961991486909569bc5f02ffcebc79020b27a0ad0d605bf5c5e837f833fb9ff87604f31e2dc63ca0
- SSDEEP
  
  12288:+TH/+u5ZM4e/ZUdtbXbeLdFQVcM5eTmiMOCBfSkWKbH6pNUy8zAxlw3W1IWdmo:Af+MNeBUdtLbeB4RedC4uj6Hzl3r
Score

10^/10

formbook fw6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2