formbook

General

Target

JaffaCakes118_d36589912453c12706f08cd2f13140c35010e157ee404d9bb6a85129ca4aa5e4
Size

651KB
Sample

241222-g41snaxncr
MD5

65c8d00798a67df2339cf98cccee3072
SHA1

4fc03f93d6aa89e3ce96608e35514efa52f2eb32
SHA256

d36589912453c12706f08cd2f13140c35010e157ee404d9bb6a85129ca4aa5e4
SHA512

410621a169005da6151d964ca1235c18de2c6e02b5441bd4a548930098fa330fee88ba2de47b423bb8d72d161630a2b815c48281d3eee571023b47a2b59c731f
SSDEEP

12288:mTzofZ7LeFR5Cgu8Q778K3L4kcK3o3FiHfQNgZYJVzXPNtUqCf6CecC3GioQXH9W:mTzocfcZR7gHIo+gZVzLU7Bec0sQw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

chad

Decoy

osiribodhisattva.com

e-ticaretdostu.com

integrocapitalllc.com

pasarbb.com

curavy.com

efcomportamento.com

twittertornado.com

siyhy.com

roamnext.com

hongduen.com

urbaanmarket.com

davidcavanaghreplays.com

comperhouse.com

ne-nerede.net

m365fordevs.com

structuredadvocates.com

withalldads.love

assanamusic.info

oshaberi-machiko.com

mollyellen.net

Targets

- Target
  
  Pipeline operations equipment (Valves_Pipe Fittings).bin
- Size
  
  877KB
- MD5
  
  3856ef031167c1b3a0e0a40674bd42f0
- SHA1
  
  728e44609c5a0852dabe23d019b5cf3b3f25f739
- SHA256
  
  b9e6760d4d04760b495e95fcda0eb6c070046617730c7066914563679cce68bd
- SHA512
  
  1f7e7fbf9c1f7704b9070522f12983736bfffd8fdc17e30059915308cd4568cbd7fc2bce388a79419bb67f83d6f25dcd02959a47c6c96b54867192d8ca919659
- SSDEEP
  
  12288:hRcaQxt8mvZ0ZbgDPwFVt2NjFFdqoeACbp9nJIx4bZovgff1R5vdP3xEBj2Kn23e:oxcb0wFVMNjlqgCdQYHdJAfGkTCNq
Score

10^/10

formbook chad discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2