formbook

General

Target

JaffaCakes118_3e582ce44bc678515fe8999dd2d6baf83ad194b9d6f3ff059f47e0293fb57d6e
Size

749KB
Sample

241222-ey6qlstkcw
MD5

ae6317fdc243005de53c4f694b4a174b
SHA1

001a1ac852b81ddbba8c88e924eb40eb8158acc4
SHA256

3e582ce44bc678515fe8999dd2d6baf83ad194b9d6f3ff059f47e0293fb57d6e
SHA512

e775436dff23be67192f3356c4fd464a2d77685463bac8603478cecbd9fe85cc092110cf36c1212193f7a60916cf611744e0bf099309a08ce2b5b5f87b22ad0c
SSDEEP

12288:vSVuPl0ZRlnySWBobEQcQJ6gmocLkyUIfx+k+DYAWg6U2Svg1la0uTy2YilcHrpe:vYRRSBW2ivmYRBk+Fp2+JOacHeh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gnu6

Decoy

offersdelight.online

scmsyorketown.com

kgnuyzd.com

fhzs66618.com

akomachinery.xyz

couches-sofas-41944.com

johnsonne.online

yovxy.xyz

dubeffer.com

weddingangpow.com

metaversesocialslueth.com

chaoticbliss.info

jasmin310.xyz

678226.com

eepicc.com

remindtron.com

kusumaslot.info

xyy02.xyz

uvziup.com

sarasota4golf.com

Targets

- Target
  
  d5b73f94baae872466c1f7435d9c3ee66c5bdd606b1bfbae775c9acb19f5c42b.exe
- Size
  
  1.0MB
- MD5
  
  31fc36dc329bcf9c029d7bb6b607fb3f
- SHA1
  
  fe6d078aee396f443ee11d3936c3a1c016bcb071
- SHA256
  
  d5b73f94baae872466c1f7435d9c3ee66c5bdd606b1bfbae775c9acb19f5c42b
- SHA512
  
  d80f7706d7644342c08d3f42f4fcab23d3d5b17f48ab40aebe4dee75cc915a64f5fe45c5d6b70a3ca20bfe3b2055b8fba05a94ea29bdcf08b4b2ccf70f9a2e21
- SSDEEP
  
  12288:vUEkc/3UT4OOtZ7+w17iRBXeFsk+rctCn9027wD0RpQMkVwN33LJ6BokRLgdF:vUY/vtN12fXm4rctcq8wnnKRJgW
Score

10^/10

formbook gnu6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2