formbook

General

Target

JaffaCakes118_c1642e852cbd05c9b81a47da6364c33cfab34c88eb5487d5e9b39568439a09ca
Size

598KB
Sample

241223-152wwstkgr
MD5

417e013afd74738e45fc55708b23c671
SHA1

5315223b3ed49abef56f064d73582be49ac59c3b
SHA256

c1642e852cbd05c9b81a47da6364c33cfab34c88eb5487d5e9b39568439a09ca
SHA512

7d2f4713420bc03979b1267d6e21cf422b26b3ff77501a32b71283e424640ac5e4fa335f974c61c0aac882baf109942f45c4b48b90df1e5a87bdebc5a84ce43a
SSDEEP

12288:LR+jUhQfqXUJ6OROrXiDwKu71V9JHjpkwz1MR2uY5KNRkmFrH:9+jU1oNOrXKeV9tFL6R2uYMN3FrH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t052

Decoy

droogskateboards.com

royalspowersolution.com

lifebestmoves.com

rimpasac.com

crndhwv.icu

younggunrecords.com

rtdentalstaffing.com

2ktea.com

aiheim.com

cyberledger360.com

chrgo.com

1-alnafrica.com

reignbowssparkle.com

theexecutivestudio.com

stevebana.xyz

adenisikmerkezi.com

ralfboehm.com

chiyuedianzi.com

mjgqw.com

isiswilkinson.com

Targets

- Target
  
  6f4d39877281023ce9f36605ca14cc9a2bd3583fc65f8ac148753795b980cc69
- Size
  
  873KB
- MD5
  
  b982805529ddd169f025e4f5897ffbb4
- SHA1
  
  c9bede65491464226dc4bd769a8a926d9a0fa178
- SHA256
  
  6f4d39877281023ce9f36605ca14cc9a2bd3583fc65f8ac148753795b980cc69
- SHA512
  
  b656fbe4bee42acc24d094bfa052c9e0b72741dcf9a03fb6161bd21f2f06bb15121f370774530ccee7aff6850fe279d431654610b40226aa2e851b9d2eeda1d7
- SSDEEP
  
  12288:L5MTdaVo0smtiK5oyZJnBfPjLR0lUExUEycWuJ2kIO7F9QK:ng+FoelPjtCx9Pfc/O7FOK
Score

10^/10

formbook t052 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2