formbook

General

Target

JaffaCakes118_77bcfbe04a67efa2509be0cad9ce5754bf6d5a2dd88be56d69d6247de27ed83e
Size

382KB
Sample

241222-mmhhmsvndq
MD5

f1c80062318ced6969e823254fe59ba2
SHA1

4cc3ca4121300c266e0fd6f844a199ed440ed7ec
SHA256

77bcfbe04a67efa2509be0cad9ce5754bf6d5a2dd88be56d69d6247de27ed83e
SHA512

278262d4853356d5e9b712f988ad6f60b6996ef71fef04691e50185b4c01a071afc157d674db395c65f02f18f08dd3b093366947bc6f07e842b6c00686fe7b5c
SSDEEP

6144:diyn5jxX8y89z7N2TqCAcbKl0RPQv7+A3PE2HkIXBbheFkgDOEMqZohpBVIRkjnM:d5VxPC7QTle0RIDNE2HkChnMOEpoeRkg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

useb

Decoy

houseofbooksae.net

ipjfeugo.xyz

sandiegowavefc.store

kamerynemehiel.com

herbalhealthalert.com

nfmedco.com

dorhop.com

bookingscenter.com

blaclyteproductions.com

novatel-network.com

locomotionprogramming.com

dotchocolatebars.com

rohanyat.online

a2detail.com

cotedazurpropertyforsale.com

space-vantage.space

averysanswers.com

lionheartimagery.com

nozincwadi.com

lovemyduck.com

Targets

- Target
  
  178320c786ffb920bc58344b39d3e8dac40205318a1aaf2346c5cb7a685087c2
- Size
  
  570KB
- MD5
  
  54d9f0e4c1533561e41ed403ae5858ff
- SHA1
  
  70d0596510c2e5e12f344c06af4ec8d853dbc0cb
- SHA256
  
  178320c786ffb920bc58344b39d3e8dac40205318a1aaf2346c5cb7a685087c2
- SHA512
  
  eb0505271a6797f7be93134e2dde16c38a8ce7012962ea632ed30fbef06ab203645804374b9cf5335bffb1cffeefbde74f4f1ade10305f5c35424e749c83a63f
- SSDEEP
  
  12288:Dyocc0WttZP51W0+iEQJbJ0seQm0qXiZM5XNoIxE:Dyrc0Wtl11fZeNzXkENoI
Score

10^/10

formbook useb discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2