formbook

General

Target

JaffaCakes118_2edc847473281c1abb93043771ad6c9b0dfe1265bfa9a55121522048037d09dc
Size

588KB
Sample

241222-qsewgszmey
MD5

ddc3fdb4b4e41f5da7149f836e68962a
SHA1

be674d989c8f763688f425c4c33ea6c4336444eb
SHA256

2edc847473281c1abb93043771ad6c9b0dfe1265bfa9a55121522048037d09dc
SHA512

21b7b4bbd412eb0e98c73ee2c38a0d90738d9acb7d1339191877fa5090644119a5a9b4f5ccfa513689941e8a6608cbf65d3b101b017ccb1852bc420b9b28cb34
SSDEEP

12288:HnUXhMZMXoDv0IAV3UYFb30nSZb4AwzGjhdHlamo8KzRTMolf2eySd:HUXaW0v0IqXFz0n7+hdl9WRTMolf2eyS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t2y7

Decoy

x1marina.com

567livevni.biz

itneedednottobehidden.com

chemdh.com

joelbigaignon.com

thanhtam.info

mayiladuthuraitaxi.com

quantumsystem-cz.icu

jwjhs.com

jrfglobalmy.com

mandarinoteloriental.com

osscoincurrency.com

jameshenrycfa.com

gunpowderhill.com

madamchai.com

jaymeeyuen.com

opplapp.space

throatbloodletting.com

wu6aaxa1tatw.xyz

randybuyshousesfast.com

Targets

- Target
  
  27e7a04ff10f55514ec5f1851dbce76573c6c82b139543fc4d30e96b9d6d1fde
- Size
  
  755KB
- MD5
  
  7d9340092193b9d012d4a691bb25985c
- SHA1
  
  46a8edaa531903925a73c3973081ef679497d5e4
- SHA256
  
  27e7a04ff10f55514ec5f1851dbce76573c6c82b139543fc4d30e96b9d6d1fde
- SHA512
  
  bfc6baea7fd3a7805259cb4859c87559f4874f097fc7c93a111c8510e0a4f016ae4bed114c514070f98034386a706a493fc7c27d8ed546e09bf880d2aaaf41d9
- SSDEEP
  
  12288:it3+Pfj4wtDTmilHq1QBU9t/7okRdiaer727e3qBuR88TMjGJUeB:iUjhtDTmitq1QBE9oQd9e/nqBuRZW81B
Score

10^/10

formbook t2y7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2