formbook

General

Target

JaffaCakes118_d3bc3e6d8fbdf1bb848ac44fa3bf36c494a636d040080f039f3c61693b1b76ea
Size

229KB
Sample

241223-1e1wxaskgn
MD5

99c20bb334ef80591ea11c1d8474e4ff
SHA1

47ac14f9f9e50f273e2f93698be2e121bb8ecef8
SHA256

d3bc3e6d8fbdf1bb848ac44fa3bf36c494a636d040080f039f3c61693b1b76ea
SHA512

4c6f99ae507a9cb9dc5069a254e1ed6d6d52cdfc2824175b4982b198c9213c865ad1b90862f83f1804b9e01ce025f87eee9636008ca13c09edf94114342b3b06
SSDEEP

6144:QdXK59umPJN691CDkaFeOiPRf+N0mCyTXdspS30:Qd63I91CkMJg8XdspS30

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

uer0

Decoy

bonds101.com

lyotrust.com

can-amchainseurope.com

mysoulcure.com

hometownsmut.com

cxpzhy.site

hjklrmn.xyz

bsdminingservice.com

mockpacket.com

standwithkam.com

yxbdj.com

soulseedz.com

whxldjt.com

ruayhunhangseng.com

benefitcrystal.info

rahalake.com

cryptnex.com

comicslighthouse.com

ridenwithbiden.net

samsunbilsem.com

Targets

- Target
  
  fb6e849cd3af7e8b0c8143397e62a595a42abbfbbac81f2cdd0b2cb4d18ea543
- Size
  
  240KB
- MD5
  
  98901aff995d92677cf637b241ae9a9b
- SHA1
  
  6dac1968c4a9ae4bf26f7fd38efb721fcf7d05dc
- SHA256
  
  fb6e849cd3af7e8b0c8143397e62a595a42abbfbbac81f2cdd0b2cb4d18ea543
- SHA512
  
  e969e941f176c67d1be598ac56882048fb2fc401e5a582b9f2314f09738d6b8768522ba5f67d8c80c260f1169ac103b8972084611a23ea9467c513f03ca9d883
- SSDEEP
  
  6144:Ds9q5ND7xrAX/6ccjpGYZ/T12D2TLV47VVgLP3CATNTLzcocuk:ySD9rAXCccjN/T1TRXbtcuk
Score

10^/10

formbook uer0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4