formbook

General

Target

JaffaCakes118_9cbfd52d21bb6d8f793e9b67580083ef824faa531803fd8fb48dfa787769517c
Size

639KB
Sample

241222-gs8zwswqfs
MD5

8e1d79e2e1e198c90ebc7d2378230230
SHA1

c1e803c7b0f34b0a64193ae20267177a8d6a2576
SHA256

9cbfd52d21bb6d8f793e9b67580083ef824faa531803fd8fb48dfa787769517c
SHA512

0cf6496eeed84807057985bdc88f54853fb7c0ba9b4cd8ae73976a997c72d403445e85047c92e1353cc9f7abcb3074d55b669f6657715c3b3c2c46e9156301ad
SSDEEP

12288:dW4Ahe4wCBb49ZoOXoBZzB1tnp+BFy5jf3PPq2dw5imyxmZNj3e5:dVAI7A43oOX4ZzJp+LkvPy2ZKNju5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tsg

Decoy

cascadebioclean.com

awdgrp.com

365itnet.net

securingthelegacy.com

tecksnapz.com

faithfernandes.com

greyboxautomation.com

appliancetechhub.com

objectif.digital

thesearsgroupnc.com

ladojrp.net

keitakora.com

sendaproveedores.com

freedomdigitalagency.com

w5vyy.com

wsilhavy.net

andrenoforte.com

realonlineseller.com

impetusprime.com

amsengineeringinternational.com

Targets

- Target
  
  Shipping_Document_Consignments HAWB R129724.pdf.bin
- Size
  
  744KB
- MD5
  
  208a2a0346f4de47649b9f11ef7f28b8
- SHA1
  
  44398e1ff6731e22ca02455797a7bee1a9ecba09
- SHA256
  
  1e99e3da65f03e0389c065ab12566c02229a89bbf524131cb079d625dc179e74
- SHA512
  
  281876bf918f5d3d9d20d804209fe217300e196543111a41ba1f463223e8c8d6e5b31e325f02c2fdd0485cb4c0e01248934ec8632454622b1cf6d532ed7b37eb
- SSDEEP
  
  12288:0gFHPawHmUpAj2FXb1/CliGZ8VZKVAql7zhFTmfhMFbWVfpXalGT+wwce:0kBHTlVK/8V8lJFTAiZWVRXZT+Se
Score

10^/10

formbook tsg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2