formbook

General

Target

JaffaCakes118_4c47900e63bacd2bf4fc5b47d08e2235e09dbf97f4f28c44b668cc0f70a121ee
Size

239KB
Sample

241222-nzpm6axjbv
MD5

3aaac31cbf2c8382aedd9dd71685e793
SHA1

73115dc14e25ee20b84db15e4b697be528f8360c
SHA256

4c47900e63bacd2bf4fc5b47d08e2235e09dbf97f4f28c44b668cc0f70a121ee
SHA512

f7c3b52448e6a480487b17bbdd2a450b6bff17d0393f3577888fb1ed28ebb8948f7c52b7a5458b8772b663d1a86641b8e98861a85311f0d9a97b676726cdcd23
SSDEEP

6144:RjoZ8AzWqCGrwd1UwJUJfumu2yBAxgJyagaa:tBAzJCG61UwJEfuaEIqyagf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr06

Decoy

dreamrose.shop

bamdadlive.com

avastfr.com

aishabolduc.design

nobulldownhill.com

navis.store

paintingsantaclarita.com

wdidfhqo9751ds.link

epilateurlaser.info

expertdoctor.xyz

jtfaqyxo.work

zrexvita.live

coloradomarketingfirm.com

prestigehospitality.solutions

bmayple.com

sea-food.online

mejor-proteccion-es.click

tophatlimitless.buzz

inailshickorycreek.com

tintash-sg.net

Targets

- Target
  
  Order Nr U764D.exe
- Size
  
  255KB
- MD5
  
  04a169e7e5c9ea7a92a2ab3debf63f41
- SHA1
  
  c1b35c61e8ee1382f7f83c182ccadf4bac6be2e8
- SHA256
  
  afc6417a1f71fe5406d149c95b046b997a99421f92f4fb8398908b73675c2012
- SHA512
  
  c5c932f02ae2f6ad6a67418a3302356fde44fa194eb9f6d02e6c150865fd9b87892187bf3e6aa379e9caea90892a8238b9ac3925e4e77444a2cfaa81dcf517fb
- SSDEEP
  
  6144:mbE/HUbWRhd2L+uUgXCafRcIVqvP5xGKO1B3kqg4:mb/EhS33cIVqZAKUXp
Score

10^/10

formbook mr06 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  nnmdtjq.exe
- Size
  
  59KB
- MD5
  
  8b5d0587ce1121389864bdcf9559d294
- SHA1
  
  2b903d531834992e37fab920d7b000187a9833bc
- SHA256
  
  f57122b7b5a7eff1b245080a876201adfe42eefa299d30dfc140f0427e139285
- SHA512
  
  79e92611bab464b6c56f6fb7da20d688a6d0852f9515eb68065ddfca71a6d507f591fd8e6c7a7696b025f8d1341953b920c4abd6b170f34cc6c173fc50d72f6a
- SSDEEP
  
  1536:2vtLu0ZssXg2J2m3K5n2ETMCZQsuyXn5QnQCT:2CsPEvMCi32nCnQCT
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4