formbook

General

Target

JaffaCakes118_f5ce0c2e0bc3027a6acc59824c809ba92c7f514eaffb77b08e13137e37c85028
Size

274KB
Sample

241222-bmdc5sxlbs
MD5

a1acbb5dc8e81d5e1b55b06ce64f9164
SHA1

2a3f6907807212d9acafc3c945396af20e30e3f8
SHA256

f5ce0c2e0bc3027a6acc59824c809ba92c7f514eaffb77b08e13137e37c85028
SHA512

da9eb720075f27ccce55c54b190ed3789edcbd7a4dd068df6c5ea09a97fc70478c260f706c18a31e03cf2c1b31360a526b59e99dfffc50ac5cce60b6d6dc777c
SSDEEP

6144:aj5RGWHqsWhoQ9Yeb4to7+QvcWtOipFhUU1dMK8:auK2oQ9S2EAFhUU1dM3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct6s

Decoy

liaquatsibtian.com

erisa.cymru

theultimateone.world

petpartner.info

edison-press.com

ryanmurazik.icu

bukasystems.com

kitsusimplex.com

qatarstyleart.com

brkhot.top

paehdfdtrujdfhs.xyz

createdbybonk.com

kuihoon.com

deathtocustomerservice.com

iotimb.com

greendiamond.pw

millionaireproducers.academy

websitemolsa.com

cbshomeimprovement.com

eardunder.quest

Targets

- Target
  
  02510#ITEMOrder.doc
- Size
  
  386KB
- MD5
  
  c94b3a3db4363cf785261a704a04aba3
- SHA1
  
  4c3cd39711642aa687f9a341ea0fd86a74691ac9
- SHA256
  
  85601ede72b1c348db5663e3782e7b3f3157c2356e2c90b769bb2afc2d476e4c
- SHA512
  
  4ee10ccd71645bc9b647792b43f3d0a62ac8f8c61b4221b28a098cfad31cd4f72a89e7dcbda105c1e8e3dc9297165449730ad412e9c7e25b609ce2665049fb7c
- SSDEEP
  
  6144:OBlL/ty168dXGQLRWg2RNtJsLPE7dyswkUX8OI7W6OieoSzjL3qpJ3U53uE/H:ML9mLRiRpsLcJyzDI3onLao53ue
Score

10^/10

formbook ct6s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/owuqnjwjhmx.dll
- Size
  
  43KB
- MD5
  
  8a1dffc79873318c04f8a1faa7b5c10f
- SHA1
  
  ec7bf093eb33b20401b47aa307b785e70617c73d
- SHA256
  
  18e3fcb2014557bcf59994871e50dcc92ed677c6d3ecbfb02023574ede67c6f7
- SHA512
  
  f7c891e6c8278dbc38d79f4dbdedd6cb1c966f77d0fda3c43de9f788946bf4129a9b9ba88a4c1d0d7f3a294ab4619a1c9d6ccfd1c23a34954d09dc532a0d5d62
- SSDEEP
  
  768:7TVkXMvJB4sWHqz4D0ceGIuf6qaBxlgjHBzb2p:7TCAzmIuiqaBxlgjHdW
Score

10^/10

formbook ct6s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4