formbook

General

Target

JaffaCakes118_7048b334e9ac29b1431dd49e82298bb4b7f965d1b9d934af7de489c5054c248f
Size

234KB
Sample

241222-bta7csxndv
MD5

c6403ed20d26bf179a7d24b47d28438b
SHA1

f3650a37d0137cc66c0ff8a758d9d08499281682
SHA256

7048b334e9ac29b1431dd49e82298bb4b7f965d1b9d934af7de489c5054c248f
SHA512

553b977188f11a17ebb2149ba646db34861bb77cf5c701a3ac02a70b723ef5c3b52bad380cecd40a01c3a0ced5a1c95c2cef32280ae5b97f9445c1168512108a
SSDEEP

6144:w+oZ8ctgjTTXfMd26/0Y4dY1eocJrKpEnxSnA//m6CxClPz:9nPXk4k0YP1DcGyxSnA/HCOz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gd08

Decoy

discover-tiktok.com

vgyvgycc.com

mrsg.xyz

alredwan.net

d1guoji.com

0519bjw.com

robinhoodplu.com

thechickscincinnati.com

efq2ci2.cfd

vgas4.xyz

s3y4b19.cfd

desertcaviar.com

capricho.xyz

flaujae.com

lensmaintenance3.com

1kjia39.cfd

tqn6.com

needammuntionnotaride.com

2681h.com

braincloudstudios.net

Targets

- Target
  
  AT0001-Purchase order.bin
- Size
  
  316KB
- MD5
  
  a98ae50f4a149db303f4e345c900c9f1
- SHA1
  
  5fbda81750c932bf64d2a57d773867679953bc90
- SHA256
  
  d93009185b1d089f922fbfc67ab4097a178f63b5f18f538a88b24a869ab70c12
- SHA512
  
  45aa93cc3031e44b5d2478d918b6004932a3bbd51b9930cc47124aa67f3e0a1a1a830d170e0f959cf63423cb99b66eba2e3188047a579d2cd155dc96c103dbf6
- SSDEEP
  
  6144:kNeZOWWFI0Dp6DHuZlsljfVaR9gnrBfp3lT:kN5WWFI0SHzlj3nr9pVT
Score

10^/10

formbook gd08 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xhxsojqn.exe
- Size
  
  4KB
- MD5
  
  cfb2774909a615a38d13977af09c6885
- SHA1
  
  53f7c365ec213d93da2d73250d706afd824c76d5
- SHA256
  
  8506e5d45c6f8e51e89c0e8e188f4bb0b5c3eb1c98a0d3dc7085087156382508
- SHA512
  
  da94a4ea2d0dcb75e45f9d7a36f413607ed521946539b6178840893c7ff066a259a8e5ed137ab4513473499776f251695f0180d7d9cb1656ba4f57c921e22b9d
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4