formbook

General

Target

JaffaCakes118_49c79037bcb2462b16066842101bb75b2dc35784d16d85eab3fff542bbfbd161
Size

695KB
Sample

241222-gdpmpswkbx
MD5

57ad4926b3968dda5f38d331274e7a4c
SHA1

8adbe740e2e0618f974617efcfb723324b0c43f5
SHA256

49c79037bcb2462b16066842101bb75b2dc35784d16d85eab3fff542bbfbd161
SHA512

81c1f901578a43925ef6dfb89b3fd33e61b138af3f23e4f23bf82409f2158c3486c3a5de250a2fa70888fd58d635effd24372e613392e93a6a4cd3de67c0682c
SSDEEP

12288:EK4JPWOehk14aO7wsDYlEZrAEhx/4q2q4I8nWhp/8rvkK9F0GI2u68j0p:E0OeG8wdlEZdLgq2g8MSvkK9F0XZAp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

crdi

Decoy

propertyjumpstartwebinar.com

boc-vip.club

polestarnyc.com

travelonlinebiz.com

bukovynaent.com

bestfashoin.com

miniindiastore.com

wehatebillgates.com

holmescountyjusticecourt.com

colectivorenovemosjuntos.com

houstowarehouse.com

aocsw.com

sml-uniform.com

bandanasaint.com

petposhdeluxe.com

ezcscpawq.com

ladiesoption.club

refixu.com

selfwrrrth.com

rovietry.com

Targets

- Target
  
  Purchase order4756485.exe
- Size
  
  998KB
- MD5
  
  524421853f704a1290bbf12d849c47f2
- SHA1
  
  4f704d094fcabfaa9f4a73fbbfc9651bdd73406a
- SHA256
  
  876955f77a0817e4de8c1d5fddfc98d8fea616499f91757fb3ab7f2a6fdd1577
- SHA512
  
  5d41c258f21a61c6a8505546281018a294b98b34444963a0b05a375c99d92fa796599a4634dc28ebbdfff8248f170253c64d14226a04c1560d56b7c85b2d5eb1
- SSDEEP
  
  12288:XHAsJsJbuA1Rzdnuc9DjwjFDDKaog1h1PU+bthEJ2/FmD4EwCYyz5IDAjH:RaFuA1fucaBDK3a1PU+BcUg4zAjH
Score

10^/10

formbook crdi discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2