formbook

General

Target

JaffaCakes118_8dfc90be23e0175d7920f4ad22cc376790b1553e3db45c09edf62ce01a3d1425
Size

791KB
Sample

241222-x1p5rawmfw
MD5

4779a4d1040d188307200372760b2aa7
SHA1

6ef368ee693e0494c7bbfe36b93ff044e73351bb
SHA256

8dfc90be23e0175d7920f4ad22cc376790b1553e3db45c09edf62ce01a3d1425
SHA512

a52cdd822716e14d08eca8ffbe033a5dedd5f1be3ef6be083a34975a767197b0aeeb1e7bc601524de873d534ee5dccb6e64b8dae87270d3915b1eab387b89ce8
SSDEEP

24576:SW3SZ2n8KDdW+FxQ4IcMQLjEd0wWfZN7s8wle:SW3U28j+A0MQLj0WP7Mle

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f3d0

Decoy

clio5.com

waterbabylessons.com

magictouchbygg.com

devonjoymorris.com

johndler.com

jokysun.com

coffee-sci.com

govtexamin.com

afreshsheenstart.com

eventhorizon.systems

thelouxco.com

hairtherapycollection.com

popashield.com

optutus.com

100rupeetrip.com

petempirellc.com

intellektusdomains.com

rofe-emun.net

instore.express

flifeadventure.com

Targets

- Target
  
  win32.bin
- Size
  
  1.4MB
- MD5
  
  5da09caaae82f21d0eaca876d498ee03
- SHA1
  
  977de5ea373d1366e8f1cd1a8b77361ec995e7fd
- SHA256
  
  afc6b7fc520feb049954946e10cd3d43d55b2d4fe80b679af39c5106c87d54d3
- SHA512
  
  3f2fc9f251293e520a6ff1d2230f9e5b90ac3881a5382332a3c86acb46d5cd3a976fd501fad29ce2f16fdb033e2be2ceed0d28744daa1938fc3d6fd149a76276
- SSDEEP
  
  24576:uywX6Z8pwswlTbMNLcuzEn2AWTnD65pBT2fXEvO9:PM66wlTUFE2AW7O5PT2/
Score

10^/10

formbook f3d0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2