formbook

General

Target

JaffaCakes118_3e47adc44ab8138a334d496761d54300dd54a8be85d57fcee07c0cf00ec675f8
Size

510KB
Sample

241222-l8sp3atpdx
MD5

1b1e1f553c64c859e6bd53320669362e
SHA1

defb76768bc28a369bb41e42aa69d834319eaf95
SHA256

3e47adc44ab8138a334d496761d54300dd54a8be85d57fcee07c0cf00ec675f8
SHA512

4f6f65f5ac8d418c32fde036be85d4a6dee531b8a711af92d88224ea95508068c6ab10a8cef3756374e7e277d71df7f544aca49296debd006a9d06e2b8deb805
SSDEEP

12288:zswfUXH7I3K5dFvg1hkqoIy9dekhcEN0sZRG9f23/2:dfI8K5dF+kqoIyfezEN0sZQ6e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

useb

Decoy

houseofbooksae.net

ipjfeugo.xyz

sandiegowavefc.store

kamerynemehiel.com

herbalhealthalert.com

nfmedco.com

dorhop.com

bookingscenter.com

blaclyteproductions.com

novatel-network.com

locomotionprogramming.com

dotchocolatebars.com

rohanyat.online

a2detail.com

cotedazurpropertyforsale.com

space-vantage.space

averysanswers.com

lionheartimagery.com

nozincwadi.com

lovemyduck.com

Targets

- Target
  
  Inquiry.exe
- Size
  
  798KB
- MD5
  
  0b447963dc90968b1347008e33794a82
- SHA1
  
  f1a14274172348c9fc5fe91d7f687680d72497bc
- SHA256
  
  8b32acdc8173d7d80ebca1697b1bb6132f3d54a981141a982a3f9e95d5adc297
- SHA512
  
  eebce941706a5b11b3306587375ee04cc2ea107065c8a15809a1b9cb8f223dba6f4661824e21546fb77ee778b70fadcd4509f338811df0ab485f02ebddd184dc
- SSDEEP
  
  24576:jD4VHfQe6ZyWshg+qbZxTZZWunAWvysjg75HCek6ZFLENlg:hSsCieHLENq
Score

10^/10

formbook useb discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2