formbook

General

Target

JaffaCakes118_d4d0077e12c1b749c38b0cedf2de547b49aaf3d97bdbbe00bc68ba06da6356b8
Size

231KB
Sample

241222-frt9nsvnfl
MD5

119bcce7cd84ec1651e360b378e69486
SHA1

579af7e872dfb77a195feaf2c484ced36feace4e
SHA256

d4d0077e12c1b749c38b0cedf2de547b49aaf3d97bdbbe00bc68ba06da6356b8
SHA512

68c57a6d6d82c32fe81172a883a5568666b6229fb40cf598a7c5620a7b94880daa3fbb78b9987ce6c9989fb50a132d3047990efbc6a8c278b0c26a2c7d2738c2
SSDEEP

6144:Tp8MsfZBAQ4zwSfEbbs1rNpS+XlXdf3A04UCixx:drOz0N0+XlXdfQHax

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r1e3

Decoy

floorwaves.com

leshigou.top

2y3jq.com

karobazaar.com

cookdd9.com

xn--9kqu10bhqv.top

hollieforson.com

peachso.com

gerberry.info

abslikepro.com

lesourire-official.com

dfhgxi.icu

lightofcg.com

hismozart.com

nieuwemaniervanleven.com

trimble-gs-112-cable-reel.com

putacandleinit.com

gopenly.xyz

northcountyneuropsychology.com

thekittyherbalist.com

Targets

- Target
  
  15676e5199913f6f2263bbb3ac5ebf1aab24703083bbcd0934a7c09ac7c0abb0
- Size
  
  244KB
- MD5
  
  cccc6563d6ec2f4b31a72592795147ba
- SHA1
  
  01bdcece3d320ba8e110b60d33cc95bd44bfdc21
- SHA256
  
  15676e5199913f6f2263bbb3ac5ebf1aab24703083bbcd0934a7c09ac7c0abb0
- SHA512
  
  eaebe3cf77a5ad43723704d8f195735e964dd476a210b4ad40b71159400af11567e3359bd9f0fd209dc5e7e656e2b0855a9756a4cdf4eb0c4aa180978c618e29
- SSDEEP
  
  6144:HNeZmQNbl/ZVFHVsPFoHqjaufM0FvZCGu5aobQ9Imy4mw:HNlObl/ZHioDufM0Fkd5aD2mH5
Score

10^/10

formbook r1e3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  vyozh.exe
- Size
  
  7KB
- MD5
  
  cd213c05fe29d8ea2abebe71678b9828
- SHA1
  
  ac00f24f1d70bfc40909d438c93362e53e954fd3
- SHA256
  
  c3ef3d6c6f8b85e8d88363028d7058662fd32709836c707daf56e597570e3de9
- SHA512
  
  457d821f5c2965ea5c3e1dc50fd44bf0e67e175f109efd5ae61fd4d8d123bbb75c856b545008e19a8c56af601999d56cada617dc368d4ae8f02e0099ed72e23b
- SSDEEP
  
  96:WB9XnrVribqBM7qXOhgb0CIuDoSPmoyndxpJ:YnZlBpehgbFIuNPmoyn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4