formbook

General

Target

JaffaCakes118_969cb2fae273298ed86e1da4978a64602e09424ad1e207b2fda172a614842c95
Size

606KB
Sample

241222-fhtlsavkdj
MD5

b535db392a503a40e531b860db426954
SHA1

2e70bcf10c28b0f36b387894ca949c4e35659249
SHA256

969cb2fae273298ed86e1da4978a64602e09424ad1e207b2fda172a614842c95
SHA512

0ad0c6d3e0a135b2709a332dc58ba5fd5b41b83d30555c84c2b9a995e4aac3b47988687ab530d69f80eba5bbf868b6e2a5692cc8821e79bc8f70404d7bd1c501
SSDEEP

12288:L8zOzl1Y2LN0NySXzhALR2IMQ+6YVhapcycV2yvmSqkuDizFGraeoOrEiIw:L9DYGMySDlZ6ehtHvgkKVOTOwBw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a1n9

Decoy

mundodasmaquininhas.net

smop2.info

xn--chriemonrve-cbbu.com

kalebet977.com

inmobiliarianb.com

watersmartaz.com

xyz.gallery

sadiztech.com

traiteur-albi.fr

blocks.icu

hangrypancreas.com

saysosoulcards.com

rightforearth.com

swifty.network

bettwsrfc.co.uk

bcausemarketing.com

thaibjbar.com

zurisfashion.store

optimisescreencleaner.com

couponsjoe.com

Targets

- Target
  
  skmbt ref 10072022.exe
- Size
  
  933KB
- MD5
  
  dc681c0d1b1a68760efaa3d0e30c265c
- SHA1
  
  b9af8e985e07a8ca11a5b81e7353428015c824ad
- SHA256
  
  866ff728d933b6a13b260cb79be66e9d17069f15fb7458673d313f6d7590864a
- SHA512
  
  fb1b39aba32987f6a84617870e5b3cfc9a6c54726979ad9608082b78135d91a35fd4c4ae7bd63f90c35e51d138c9d7952d93daef9ebc62f4dcbb880fd23d5de2
- SSDEEP
  
  12288:wGrI2iNQxZU/LPBBmJw5afc8WBuSSVwwuizH+BllvMo3Y6J2u:wGs1gUjPBwwIWcSSSeze3d3Q
Score

10^/10

formbook a1n9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2