formbook

General

Target

JaffaCakes118_8bb8205bfde8c36a8d561d00975f299352a2103c6847ca1f5b4ba6cf8e0256c3
Size

365KB
Sample

241222-hgw2maxph1
MD5

3014c910dea549245790183f9593d035
SHA1

f0352d3e578cf65fbb6f129f64fb0a21afb20202
SHA256

8bb8205bfde8c36a8d561d00975f299352a2103c6847ca1f5b4ba6cf8e0256c3
SHA512

9b92ca1aee6bd2a91166e664600dd5288513aa61b604fd150b37a394f7125c84c65efa8c2c10f3f54ab3260d38243cdd7ee9b4bf2b957f905fd307e7ef6e07ec
SSDEEP

6144:U29elXAld94OMCtzy9D9f55IJA7Mo6MqOYah++YzfAgTIzFLMb3H/J:gX0kNv2pMq0Cr/J

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pjd6

Decoy

048307.com

hollygoldclub.net

0z4clolmb.com

jou-fa.com

yt2mp3converter.net

acheemagroup.com

metaeasy.money

casinolevant268.com

adelasidney.xyz

metawhatsapp.lgbt

designsbyn.store

pensacolajeeps.com

6wanfu.com

volcanosearch.com

authenticuprising.com

slaygangboutique.com

yesilyurtforklift.com

hiramossiel.com

totonoeshouten.com

0668mmw.com

Targets

- Target
  
  SURRENDED HBL DMLU6312845110.exe
- Size
  
  538KB
- MD5
  
  f37c6c64a2c0f8ae8146b8503fc75e46
- SHA1
  
  ffa637bc20372867f0b333a47ee016958cbf4f1e
- SHA256
  
  1b0349902810cd568b25e28ae6b2706b241d1d7b7cd2bcde1d181a45dccda6cb
- SHA512
  
  17f5257dee9930caeea5eb998b5fdddf12b0bc1ede3c43012519455ef9505efa38044a62e92dc9d2c42199562f44d6445de9cdcddc7e27f40475375c6525aa0c
- SSDEEP
  
  12288:dE2SpmDj4kKcdcEebjRMiQCQjZwC6zfHyqwm14:dww4VIebjReCsZwfTHj14
Score

10^/10

formbook pjd6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2