formbook

General

Target

JaffaCakes118_d36205d74701660f17c2def0d0f66f81e69596fd51bb0a482c5fdb16af71f0c6
Size

368KB
Sample

241222-qrmjyazmcz
MD5

5406045113a7856e37906902e7577504
SHA1

b8da31a4c1a82ca4ab37730d4fc26f7ca317c4c6
SHA256

d36205d74701660f17c2def0d0f66f81e69596fd51bb0a482c5fdb16af71f0c6
SHA512

d11a85bcd65805df0d62816bc60c1eafd7683e82aea327c81de6a97ea74156fbd0d4920cd857bc73fdb65372821d2e8a91a8bd2949ac7243616141ddb8e14f7e
SSDEEP

6144:dyihsRnnuVBd1vRQocOVm3BeaWpcNGQHByyQiYU1jNLBHMarg3VWkNOqqdIlPXJl:dyy9lRQnOVm3HNHIpUzpbEgfqqq/vz1B

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p6ai

Decoy

ocfoundation.info

fullhouse01.com

a-great-lexus-rx.fyi

googlepayperclick.com

coachmyragolden.com

luxclothing.club

medicationbuddy.com

miraclepawsfoundation.com

datingforcez.online

wasteharvester.com

solslides.com

hotel-ritterhof.com

tianjinsf.com

receiveyourcashnow.com

the-vma.com

godrejroyalewoodsbangalore.com

erickrokanphotography.com

vasinvestments.com

janlago.com

2nocent.com

Targets

- Target
  
  vbc.bin
- Size
  
  632KB
- MD5
  
  2350899dd0c4a9d7f8440310978e6250
- SHA1
  
  d2111c37f59496d195689c2ab060a7057ea5ecf5
- SHA256
  
  ceeda4a7a306ccc5a4606ff794950469392130188f5a5a7df1b81562ab021d42
- SHA512
  
  c4780298c5dbed24575900c0992f5efd6ad6504682a270bcb038ffc28e076ade9f95252bcb89723f312131b5ca3089d7209f51b1cae8de29b5d3d02b32ed131b
- SSDEEP
  
  12288:wQT9s31JoQ2juBhV0jr38DBMQpD9h3DLQ2Lx9xLd:wQT9s38fjuFG89nZn
Score

10^/10

formbook p6ai discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2