formbook

General

Target

JaffaCakes118_d3f0200fcc0bce4cf561cb2755d6a16b4106465e1bd8d14a8b320f7a3708cac9
Size

338KB
Sample

241222-hd48tsxng1
MD5

9747a8c2dcbebf2c4d9ce40749e8dda4
SHA1

c474adec19333b76b838bce0be5d8d8ed39f94db
SHA256

d3f0200fcc0bce4cf561cb2755d6a16b4106465e1bd8d14a8b320f7a3708cac9
SHA512

b4d2db00d07a7c437633df33b326513b7265cfa1874668500e41b06cfc4765ab0489e0dce1b1d780404b5a18328067cf5eebdd94a2218d376bb0c3285be34a37
SSDEEP

6144:ildxjAX1PAxH+0JSJX/soagPC2UYB1AOrATuz0y38bIS0VGfkwHaV32XRReE:ipjAFPQH+mSJ37BrcAh3+Mw68CE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey5a

Decoy

lygptkl.com

winsentrade.com

bluprintliving.com

yumohealth.com

cherryadulttoys.com

gianttigar.com

maxhutmacher.net

autostokyocorp.com

calvaryload.com

stixxiepix.com

j98152.com

starsky666.xyz

loadkicks.com

designauraspace.com

wwwfmcna.com

mikakonaitopsychologist.com

kristalsuaritma.com

kh180.com

kulturel.net

araveenapark.com

Targets

- Target
  
  Ministry of Health Kingdom of Bahrain.exe
- Size
  
  358KB
- MD5
  
  e1a110c51c33c12ee53679c40c954395
- SHA1
  
  361ca3b8600138c93a6cb8728ddefd7bb1be53ef
- SHA256
  
  ad4c2025f6a3741ba965e53a40e907b04dd1031c666e80d98afe6fd00c70239d
- SHA512
  
  8572c6c49eca57c0a89523df94c73eb65617687c4e89045633eeafb05f2844f6c14df7ef0e61fa05a1cae39d5fa664d8e206c6cccadcacc03d749a9b0caefdfb
- SSDEEP
  
  6144:l2rbJsMkhBseyKyjTzBfRARSBPu6aNpSc68iHGrGSD/7o8aIm2eW8ggs:liSBseyxjT9yRSJaNpriH5SL7BaXO
Score

10^/10

formbook ey5a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2