formbook

General

Target

JaffaCakes118_dce95471714b949f8d516b4624402fe87f7d049b30941f2375b980d97c7076f1
Size

404KB
Sample

241222-fvfkpavpel
MD5

df5b92847640c20a2e9416690bc96944
SHA1

4d2625ade5597cfcd03e039771364c5ede699fda
SHA256

dce95471714b949f8d516b4624402fe87f7d049b30941f2375b980d97c7076f1
SHA512

db5de58992c786d6a46b9d6f69976d576913ac5dbcf5fa91b48d7f1846587265cb87ae98db65197ac9f739f3bfe68b4d0c73115cea9cb4cfe635fe3c9bc63a9d
SSDEEP

6144:AF1rqcirNHS9Uzf14B6Ovx0hvdhJJgrtUPBgkaVQ51u2ExG8r4FMp+ZZo4PS:ATrerNHS9c14MPJgrtUMu5Y2EpN+/TS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr35

Decoy

tahirsoemantrigroup.com

hashtagstartup.net

guron.biz

donwalin.com

aslanrefinedhomes.com

quitrobo.com

transcriptionservicesindia.com

mooremedications.com

mahounoniwa.com

lowpricepath.com

xinmanxin.com

maliya-interiors.com

rkprops.com

functionsandfoundations.com

thelenditudenews.com

streetlogic.biz

itaste.xyz

protokolavukatlik.com

reformasmende.com

noahsicecream.com

Targets

- Target
  
  de475f6f80edfef837511633dc86a0115456c42a8c8469a0a8e304dc7dc17379.bin
- Size
  
  764KB
- MD5
  
  ec3b64c231f48d3ea93f9879085b8f6f
- SHA1
  
  8c1c69f9c751ba62781d2a79b708fb6f90b2ca6a
- SHA256
  
  de475f6f80edfef837511633dc86a0115456c42a8c8469a0a8e304dc7dc17379
- SHA512
  
  d7b2283a9a0740e51ccfb281fe81308973754720b4a5f8d13e085029499e18b6ccd342c81737968260a347894457dad873fc5e1d2493e74550f87bf34f96bb00
- SSDEEP
  
  12288:Pox9A7nAvUFEHUNme8k9vf9d0Z7OXW/cC4Ff75wyk9h5BhvnYjp5wylG:o9SAvUq6m5mqZWWP4hdwyWh5BhvnYjpI
Score

10^/10

formbook cr35 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2