formbook

General

Target

JaffaCakes118_1d6d25f277b7ff1b9f7d7679afcbcc95e159aa22b7cb79e3afa3112c69b2436b
Size

405KB
Sample

241223-318vrawlaq
MD5

3710a124a6c7870486b7445dd06abbc5
SHA1

449b6a793e3f085f005323a94602d7ef25163982
SHA256

1d6d25f277b7ff1b9f7d7679afcbcc95e159aa22b7cb79e3afa3112c69b2436b
SHA512

54efc81ec4a6442718d8b2cbbc4aedec9d51644915498d16038862392142d22558b9cb403c1ffa79d406a9a516714ca6c2f88aa39672cb9ead9b7cd4111fa91d
SSDEEP

12288:3YfYFSIn0U4OGIYgpHKvVq5BRyuTWH8Bk15uFuBY:OYUIn0/2pHKvVq5nTWT6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ukj

Decoy

tengtenyusdaq.com

zukcoc.com

amazondronedeliveryservice.com

89building.com

dandiconsulting.com

kango-dream.com

amityexport.com

nguyenthiminhhai.com

sacredbridgepsychedelics.com

finalstepcleaningservice.com

glasgowmanwithvan.com

christopherkalaani.com

aureusgoldcorp.com

axion.fitness

tradeexportminingcorp.com

seekinward.com

amf218.com

abckidsmask.com

got-brains.info

richfoodlovers.com

Targets

- Target
  
  2.bin
- Size
  
  476KB
- MD5
  
  51afc3df2bf79ca26430f80604c0640f
- SHA1
  
  fc8a3fc1151d29d9210735e50b104e0aff7c3d42
- SHA256
  
  162fdb36fbbaff1589c43a9d4ee712e15e8e123a562e569fcee28db30b756396
- SHA512
  
  f2985a20a6378911a3d094b2c99217bb602ac7730376ea3168c53a8214891664e9d17214a745bcc4590df8c16151414dffd6b9989431a0d6ce243ed06a4c744c
- SSDEEP
  
  12288:as+U+xV6HKilmSQ2RLrY0RYqxIik39A1GKZHNYPzodlDDy:asZ+GKiQZ2RvaqxIhA1GUKzodl
Score

10^/10

formbook ukj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2