formbook

General

Target

JaffaCakes118_e889bc4361aa8e1a5fff453e4fc79b363cbba4dd3b1bf2db424f02e573a4616c
Size

469KB
Sample

241222-bzk9hsyjbk
MD5

787d91f0e1da36389aaa34870b177cb6
SHA1

90ad143646abc2c00e2a8a430817288d6ab14365
SHA256

e889bc4361aa8e1a5fff453e4fc79b363cbba4dd3b1bf2db424f02e573a4616c
SHA512

b78cb00e5ddbf67ad7c01044d8409682cc845bd78f61c4e52e4b957894c5829ebf07a5aaa5521a3d8a6160d6ea3e1ab0fe16b207696c45048ad1c98e0d342102
SSDEEP

6144:m13IYlOilvyWanqI5TJNrL7UW0e4BPJL+Ks/yTOauvWar29fBNJn0ZLcxlrQFt/e:qV7aWHIRnLqBP93suOaGWar2hKZAb8vi

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs2m

Decoy

esdaycosmetics.com

reviewthesethings.com

380134.com

privategdcams.com

alp-n-rock.com

podgatherings.com

terrasombrafarms.com

pepperhaul.com

alsiha2020.com

coins4ever.com

divaihome.com

patinahomebyivonne.com

mywaytoindependence.com

meetsoleil.com

lifecoachingandtraining.com

jiangxishangren.com

vermontcounteystore.com

mescaping.com

angellahskitchen.com

owlhoster.com

Targets

- Target
  
  5b78695e898c8a3056adf8ee556007d174ddb2c3bff377c0ca53a30746419c0f
- Size
  
  494KB
- MD5
  
  ea3273fb77952fe29c1a88dd80373815
- SHA1
  
  1ef9233f00ef54a305c7886a8930205d19aca664
- SHA256
  
  5b78695e898c8a3056adf8ee556007d174ddb2c3bff377c0ca53a30746419c0f
- SHA512
  
  cebf5707c7c9692eb1f4d47ff8860f0437947709f65f1b1598de889a23d5f3b71f126f204a314a1c5b2151bfc88c92d1e3361585f4234704a1a13487060c5bb8
- SSDEEP
  
  12288:0YvZWl6jiQ+sds3lXX3PgAgsFCQ73kUaP5OeJLFzaWdN8bx:0Yvwkjus+lXX3IAZFR73kUaP5bJ8pV
Score

10^/10

formbook gs2m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2