formbook

General

Target

JaffaCakes118_28c8678d4316f1bf61b5b7fc48f87aed9d0c5fc19c7b1ebd9bd8f481ac861dc1
Size

228KB
Sample

241223-2lhjkstmdy
MD5

cd9c3038306c197d103df19c41276f84
SHA1

02ba8a437709c0b1277d8b18558993fb647c9cae
SHA256

28c8678d4316f1bf61b5b7fc48f87aed9d0c5fc19c7b1ebd9bd8f481ac861dc1
SHA512

f9ff6350ca2ac470e337c1588bd88a965f0a10a29898fafbb7d1707c277bc40248ea7a3c5926c2fd1a1dbf6262b835f34bcd793d87a576110fe4f111fb400188
SSDEEP

6144:R7WRuJpsrvq16CCR66ERpuDc9343lu7mVCHS/cfAF9:R7WKpsrvq16Ck66E3wc4qmVoSZF9

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sh30

Decoy

raptorwin.com

mmwavesolved.com

coachingwithcc.com

ssvminc.com

celdegobierno.info

wpaci.com

denison.top

fdsff.com

kelsapur.com

pontodeacucar.com

tgbamg.com

hkserver.xyz

muscatrfc.com

gylslgzn.com

roses-rouges.com

stanleymediaproductions.com

mintplatform.store

mentalallyhealth.com

lezfilm.com

lucarbo.com

Targets

- Target
  
  oo.bin
- Size
  
  242KB
- MD5
  
  f905085a630d00b01d514b663af54325
- SHA1
  
  9355bfd5c0d1fe2636c24c12da6783d964a9562e
- SHA256
  
  7d5ffe72101db06ec8ef98e2a4d698cb4a7a2c430210bef73b837fe856a5cc34
- SHA512
  
  92dba6c93446543d4148d3f86eed4f1d5ae5e36f73fa99975e01c619e87f465575b44244f8a35dfcdfed45382ea8cc3355468dcfc5a5e7db496d45b16134f8f9
- SSDEEP
  
  6144:HNeZm6BQtVdcgqeXfoq7fkrJGNevy73Ke787JhYKnusW0i:HNl6BreAq7+GNevyzKe7gYL/H
Score

10^/10

formbook sh30 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  lycasyi.exe
- Size
  
  4KB
- MD5
  
  b4ae0759295f61f4a798dbac502dbb5d
- SHA1
  
  754740cc5275e1f45d9e83ba8eaf0de46950d2b2
- SHA256
  
  1e5e59864f9e0f0d90aafcd403b9b915b77883e57cbf5803116adfe292d81b2e
- SHA512
  
  41486569ced8dc07eaa0693a1b42f3f597c1d3791745a29de62de1ef765e59e5006b0c6796f5ee387a75ee66497fc490620db3c2ef4f4e55476f2db2db228bef
- SSDEEP
  
  96:B7SuWFY5Xj0e9Qb+MSiWEeqhJ604MYAq:h1WigBg/IH604MYA
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4