formbook

General

Target

JaffaCakes118_8ae9f962144ba9c83e0151053373871c5383e478b7bbe51df08124e9d1881f84
Size

653KB
Sample

241222-bz5m6axqfv
MD5

928d45f786ad28b3eac7ec9c581da641
SHA1

52182c978fc5f5cf6d248c195b76f77927ef2e8f
SHA256

8ae9f962144ba9c83e0151053373871c5383e478b7bbe51df08124e9d1881f84
SHA512

554702ac203d3c9cc57185fb8c314d2299130bb1428a816d381138aa3a8bdb7c8b12231fbbbd10f65f76e37ca00b45e169c9fe1187f64041b4b6b78f8dffa9b9
SSDEEP

12288:fJofcIrleiSvkNhaMFjK6cDYHqgiaurl2CBi4Fcz1eeIQJC339oeELNW:bIZ9bW6pK4url2Cg71JXk33ieQNW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g25e

Decoy

2491254125.xyz

hookd.gay

uxmelange.com

startupvision3.com

evanwoosley-reed.com

uspalupdser.info

lx0599.com

grupoiaez.com

londonpapershop.com

cremas.store

risespec.com

olivierverdoyant.com

creatednow.com

epicureanhometreats.com

iqijp.com

vcraftboutique.com

furnaristudios.com

dealsgolf.com

djwoojs.com

boatslave.com

Targets

- Target
  
  USdoVn56lXoOULq.exe
- Size
  
  720KB
- MD5
  
  496178f82a5a471f55cfec67492c5c5c
- SHA1
  
  47f3c8ab59fb3e7fcf3a8c1b4cfd22150305f5fd
- SHA256
  
  0308ff4d9e1f733b474d2fa01c3a7cdb29129450188357602cd224c89927867c
- SHA512
  
  68ec33a0728560f05f78f6a436947457617bed61e6dbdd78516e14bda1b10f5b38120c4d7a0c4a5e215fd647b46db3881568c2b41ff87af86e7e4c8b8993ed40
- SSDEEP
  
  12288:1lDLIXPod2iNXMxDIKR9KM8DKH+4aaufLCIji4xqzLee6O639oo3F5/W+:1Dd1yUMfeUufLCIGTLJC3io3F93
Score

10^/10

formbook g25e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2