formbook

General

Target

JaffaCakes118_db630433ae1c2cc96d940beab825bdd5995255dd74bb50c468bc2954a83a5216
Size

200KB
Sample

241222-lj1z5stjhn
MD5

0637bc5596f04678879c9507fc09b137
SHA1

2210cdec324c1678dedee77f1d9a95376110718e
SHA256

db630433ae1c2cc96d940beab825bdd5995255dd74bb50c468bc2954a83a5216
SHA512

c1a64cda8cb52a345d893a86bc88e678470f8e45fddd49ec3b0480c0b27cbd1e0d9743d37125f57f810c27e09ce062da6d78a986da8ef995896417535e8a5332
SSDEEP

3072:lzGfpI18es/eA2sXvFnqpdxQedvvllPIzi5kwW14djEqYhegCZnwyvsq3mCi:lKfpo8esfvFU+edzPIziewWO9iSlTK9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d23n

Decoy

keralalotteryresults.com

cosnerreview.com

tilcompanies.com

tokomakmurjaya.xyz

twmarketz.com

spytfyre.com

eyerafitnessapp.com

faswebs.com

hotcinfin.com

modifidecars.com

xn--rhqwesct95oo2g0ro.com

fruitfulgreenhousefacility.com

pomidor.biz

volondamasterclass.com

latexbbs.com

kkh222.com

ratted.xyz

littlejohnsinc.com

vacationdealscorp.website

bitcoinbil3arabi.com

Targets

- Target
  
  gecikmis bakiye.exe
- Size
  
  213KB
- MD5
  
  2374db6853cf78b15f31892c43180857
- SHA1
  
  5eddc78b5d56fdac3e42af18cf1b5cada38368f5
- SHA256
  
  92c5014b109cf6b18dbd0466a0b2ce20bb3900d667747c069a367d98651f419a
- SHA512
  
  021b1f2d467729ee479f25c6be7a5417ecf889ac86d3d340c9cb5fbb741278a6cb3d30921b18ed2d359e16630acfb22abe26240f94f7214d1e3b1d1347d3d24e
- SSDEEP
  
  6144:HNeZmDuFbUmUCYmtm8X9UiZ5KQzgg4pWI:HNlD4beF4ZzZ5tqH
Score

10^/10

formbook d23n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  jnkbb.exe
- Size
  
  4KB
- MD5
  
  513ec601b4cd4e5b3453805337b08116
- SHA1
  
  1494f6490d448ec0d5a16817b4e02b9c093f93c2
- SHA256
  
  ca770e8d07d951e267ad1a84d247a0ca50376b92f0f022bfb8920c620ea71a06
- SHA512
  
  3b367b6af540b150a0b8f833379c3a9328d0a58342affd4b56afa66fabbb608146bf67e8d72748ee9b56bc39caf256e0a4716934a57bf96376905e403da75f1f
- SSDEEP
  
  48:vpg4EM5rlz1FZHLnd9TybIyb45oAPHfwwfNkzQ7t4pvLLmqVbYmR:BFZF7ybIyb45oAgwf+zQ545H1FVR
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4