formbook

General

Target

JaffaCakes118_6ec463c0125e3fa9d9fccfd6e503f2bea4442e47407cbd069e41197ec70d31d0
Size

973KB
Sample

241222-m9h3pawmdq
MD5

35eb7096e0c78740dc7d4138f670ae59
SHA1

8154f4bd0d1dc20e35ba9a28269fa599e03b39a4
SHA256

6ec463c0125e3fa9d9fccfd6e503f2bea4442e47407cbd069e41197ec70d31d0
SHA512

7572d0d8c719c8078b5f605f21c7140a992c4b3000bf1fb305564c18cf1bf66f2c6c724dba769e424b5cd2f79d5bcfcdad18bce9faa5b02b87fa8280a7daf65d
SSDEEP

24576:43OYejHsxvLIQWVf8uxqrj2ghBxT3AUr0y:GUqjIQW+uYriSxTQg0y

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  c7757a3c21c62d9f56a30bfe1660727de4932993c0d4e3c650f001914599905b
- Size
  
  1.0MB
- MD5
  
  43e40486285956beaffed65745f28b0a
- SHA1
  
  98f08012fd95967761b71b64ce3c91332c4bdc37
- SHA256
  
  c7757a3c21c62d9f56a30bfe1660727de4932993c0d4e3c650f001914599905b
- SHA512
  
  f7ff5cd2ab47153d7f699e55583afa6dc1d34d3e60abf9f43d13011136512d3e48474cd2e13cd9454f53a6260669fe54c50220e870fe3c486a5cb7bc7f6f454b
- SSDEEP
  
  24576:aRA4228CFtXo2A/Nzf1pccEOw2ia84Pj2hQ2PQrY:ah2JCFtXo2Yd+2ia84PShQ2IrY
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2