formbook

General

Target

JaffaCakes118_82bcc02786c5e04da664f492f93824a390e1635f27a0a0ffeff1cefaa661fa9e
Size

626KB
Sample

241222-k2177asmfm
MD5

8c83245a4fd125bad31396fa659ec1b5
SHA1

fadcf85001c365813d2374a38776b3a61506ba1c
SHA256

82bcc02786c5e04da664f492f93824a390e1635f27a0a0ffeff1cefaa661fa9e
SHA512

4b55dc3508079f20da5229eeab8edeea7f302a9b654359a0dc6f8a657a32a1e183b7a192edb8dde0f0d4fb7d5b279d038cd4cf79ec9c21e10433f3c669db70f0
SSDEEP

12288:MpoJ+POn1mWIk9QT8d9saxR3EX+zM7FA8nPqW4L5tmoBF6PDXu/:zflIZYd95EOcF5aLjv/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bgr7

Decoy

jgcrwashmo.com

ecoonline.club

jet-cell.com

fhcqtravel.com

pasoroblesreport.com

kong-net.com

hotelplazadelta.com

thomaskindergartentigers.com

reeclutador.net

gallendesign.com

sharingofbreadpantry.com

huanqiubang.net

shandyinaz.com

roditelisvoi.online

vojistats.com

leleche.ltd

abronov.online

zipperkitty.com

spidertim.com

desperateprotector.com

Targets

- Target
  
  S L BIOCHEMICAL PO_SLB210624-001.bin
- Size
  
  732KB
- MD5
  
  e080f8498204a27c100b487099c9bc85
- SHA1
  
  ec1198350f44ca88ec3c7d94dc1c9636b464de27
- SHA256
  
  2d39ede32baaeb5a699bdd7b8dc085f2b69e5a054d775cce6cce493845e786a7
- SHA512
  
  3c539c8614c0ad4190f7df4fa905669aceac780150f3d37b70a1ace7f3395f818e65f804644868a0cf3fa22c5c62f77d1b22a6cb50e71441cb21b82d18d16acc
- SSDEEP
  
  12288:eBgmqtCwHmUPYBQ44z/nd6lkwMEO5IRYELQYOdyniTKRSYMXwyTlokBRed:eBkbHTPY644bdurMxCRY7dyLSYMX9Gcu
Score

10^/10

formbook bgr7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2