formbook

General

Target

JaffaCakes118_88175c121428ca4a37fe15c06f7c452bdefb69341779396c1fffbc4899ab43fd
Size

677KB
Sample

241222-e2h4qatmdq
MD5

900117994da96db76268dcd9d2953877
SHA1

0b168fd31bfa73e8a1ce90333b7ceeea58a1a765
SHA256

88175c121428ca4a37fe15c06f7c452bdefb69341779396c1fffbc4899ab43fd
SHA512

90c18b5552bf2f9efc8b03b4651627c4efcc5259d1b06a989b019f92e7f42d513ea320446ae9e5978102d60bc45f1c95bf6afc2c0b98b2964a70682e6eda0bba
SSDEEP

12288:/Qnpaka95UqDnIV/2VFs57KgHmCHFUR+TXHhVj2EguP0929bVFtAbiqA4D9PfJoh:/209OeXVF/2lHw+T3P2BuPX7FCiqVXyl

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gz92

Decoy

ayurvedichealthformulas.com

plazaconstrutora.com

nat-hetong.info

eapdigital.com

ibluebaytvwdshop.com

committable.com

escapesbyek.com

mywebdesigner.pro

jianianhong.com

benvenutoqui.com

beiyet.com

theartofgifs.com

mbwvyksnk.icu

nshahwelfare.com

hhhservice.com

thechaibali.com

travelscreen.expert

best123-movies.com

leiahin.com

runplay11.com

Targets

- Target
  
  3dccb81826e0a102df3972e8ef1e8c534b1b3afed98f5fbebd45beab9bfbaa44
- Size
  
  895KB
- MD5
  
  875316b1de1ba195d5458546d9048c4c
- SHA1
  
  feee43c84bab766aa064693cd90bfdd3b1011033
- SHA256
  
  3dccb81826e0a102df3972e8ef1e8c534b1b3afed98f5fbebd45beab9bfbaa44
- SHA512
  
  092679de1c48abaa26460d2fad87fb6a2c2b49e87a4afa69954a115fab7ac5070bbbdbe6d105de9f30eb9a38298314ab9cab9ce75fade5ff12342664f2b60ad7
- SSDEEP
  
  12288:sNDc9F3nC0Py3gAhY+5K3/7KCvEst0GYBTKoyAZt8hMlU2kEBoZd6aSst3tr1/NK:sbMjKCnt0btKoX8hokwoTt7rXWF
Score

10^/10

formbook gz92 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2