formbook

General

Target

JaffaCakes118_3584181ba3277afac8408bf0bfce40dc783cb4f0e53ffcb1969a7ce8ec64376b
Size

613KB
Sample

241223-3s86jswjcp
MD5

08427639fad892b0b30080bc9edd29cd
SHA1

f51e280ae7515b1b04bd7af56c7246c3434ccd3c
SHA256

3584181ba3277afac8408bf0bfce40dc783cb4f0e53ffcb1969a7ce8ec64376b
SHA512

fc1c68b7eeee9f263f34812ce27653b1eec284b3abea2ef598ce9179f4d6f191c406ffb0c965af1f7aa3bac9518e3dde2579f64cfb5ac487879cfb1f2780c5e0
SSDEEP

12288:y4OPQb9Q36bphdSR6jY1+iWKvFIs10kokxWj1BW1duwJO0wBSbr6MCRe/:yVe636NuR6s1+iW2FIs1RnWjeywZwovZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

- Target
  
  abc5f0bba372268d0f2bf14855e720c4bae3e865a23ef46a8f9adb31ed9934c2
- Size
  
  665KB
- MD5
  
  ab63451afa0cfcaba8e5b555a3c00a3c
- SHA1
  
  d1f2b048c4b3cf31cf1e99c9d531109c33eab939
- SHA256
  
  abc5f0bba372268d0f2bf14855e720c4bae3e865a23ef46a8f9adb31ed9934c2
- SHA512
  
  5d4e946e9b9b302af655c27e67a98bac6cf7184c1df974fdd2158a1ad46ba04818aea26419d8e6b6ab51de7944a9144cd68f16aeb7cc964c96cbc50d86f45fbd
- SSDEEP
  
  12288:Rt1mtiK5oBhiSXXRreHiKpQNyKTG1yPr4ZYPZ9RVATn2F/n4EsZ1XEnPHfOq:z1+FoB4SRolQXKYPr1fRTF/PmGP
Score

10^/10

formbook s3dy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2