formbook

General

Target

JaffaCakes118_6a38f04a2f86686e8a4d726b429656e74de60888824937c623e7286fb01b5f7c
Size

283KB
Sample

241223-q4a2ns1nel
MD5

9d3f6d145dbf5f5fd14d33211f5016d9
SHA1

6f945cf272197092fd9ce66b0f24caf5cacd6d4a
SHA256

6a38f04a2f86686e8a4d726b429656e74de60888824937c623e7286fb01b5f7c
SHA512

0bcc7c789b5202d5ede4e3350e65391ee4d9434583f2edfe8408a82e3681208407dc1dac338a03ff81a1ec8b5c3a835abfb26631677c2febec947577bdc0829f
SSDEEP

6144:WO3eRxa+6ggJei8SM4+BXspHXDuRM6e2VVWkG0T8ro:7u/apLetSMbcpHXDuqKVVWkG0wo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g09e

Decoy

flyinglarkgp.com

spiritsyncing.net

sushikreci.com

drssdup.com

mobileappsus.com

lvrcprbrisbane.com

nfjnwa.icu

ottenbruch.immo

strinosoft.com

portershoecollection.com

electriccarsus.com

lecai.icu

piplespnd.quest

talkrecords.com

lowcodeconnection.com

lastwagenfahrerjobshierorg.com

kpallman.com

dcrdr.com

chainalysisinfo.com

einayaa.com

Targets

- Target
  
  19abdec12c4b7f3fd7a1912867b03527e8b93548cacf14c0a9b3bec61989a573
- Size
  
  294KB
- MD5
  
  1232d8adee3eacc8a6d6757cb2b2850d
- SHA1
  
  b55e8f7f49e2db9c3279fe71214cf54a4e81c69f
- SHA256
  
  19abdec12c4b7f3fd7a1912867b03527e8b93548cacf14c0a9b3bec61989a573
- SHA512
  
  fc0808dc711eb04ebc204cf9e9e3b28cd583fe91037698152a4dca8b5be62d1443175570f444c546a737ff2510007f65e217de707d94010d13d76d2e371896ee
- SSDEEP
  
  6144:owpg4eB/W8sfYIUAXvjBkPloYw/C/Yz2K1A3pDlzE3iMMknvxw:Vg4eB+8p1CvValoYwak2KS3tlQz7nS
Score

10^/10

formbook g09e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  cbpklgiv.exe
- Size
  
  121KB
- MD5
  
  d04a14c986145807ea9fe37a7126d675
- SHA1
  
  28dee42f5cec69d0117156d96231887a4aa7d8a7
- SHA256
  
  6c019f60af2c9281a9c17b27a336749283767ac9229c9d3bbcd8ccedc290b417
- SHA512
  
  df9f899629bc4c32704f19cea834c62da6ac6bb1043ac801069d3418f4a14ca28175ace78da4bb5ea4034509891b336db9d519d8370b388148461453a20ca526
- SSDEEP
  
  1536:rg1+KVQ8rIrQgdQqWzEEXficU+H0se/COAMMjpLb5EBiE6mV7MFi/wkp9c8DjsWj:UcvvAic0rIVyBiET/bAQ7
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4