formbook

General

Target

JaffaCakes118_7b32b34b1b2bdfd9bb7e0b9b2dcf8b8ad652a941ff20a6e60419e47744506e65
Size

554KB
Sample

241223-qe4yfszrgk
MD5

850f5a4b7df63f8f266f9fb6bfaa15cb
SHA1

550437581ed0c54f5a4e351dd20f8ca475562c60
SHA256

7b32b34b1b2bdfd9bb7e0b9b2dcf8b8ad652a941ff20a6e60419e47744506e65
SHA512

91e4e03a3a9c006ed584c12f0f1dc7b8f24c872517bbef2ccf0f280eb39cd5292526b33f28f6f23e225b19730ade85aada9633e1ee89324f40ae93409e34f7c8
SSDEEP

12288:fRDffxlDEmFrL76T6nmGfZ+SxPNeTF9TYNpPW7GO6EGSd/3tz:pbPAmV7I6mGBNWnT0ShGSltz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g8dj

Decoy

alenabatik.com

virginiaflowertruck.com

duasirmasespacodebeleza.com

quantobastafestival.com

automationfyre.com

timepiecesforlife.com

safeversion.com

uziforever.xyz

praxz.com

atlasbet273.com

mzczb.xyz

chrisanddimiswedding.com

ywedomedrkrjn.com

dxalmuxp.com

barbergnaum.com

stexl.link

cansohio.com

gopintyourself.com

ivoryowl.net

vacation-discounts.com

Targets

- Target
  
  5c2681ca119f8cc0c779cd305088751e4e584600c60da1b0f4b740396d7cd5b2
- Size
  
  639KB
- MD5
  
  73bbba751e9367feea87e8c6b631fe74
- SHA1
  
  0696c691d4a736ccd993c2a2fe9fa052338458a9
- SHA256
  
  5c2681ca119f8cc0c779cd305088751e4e584600c60da1b0f4b740396d7cd5b2
- SHA512
  
  3e20a45d5e3f3a5ed4d3cf3804e8a9da593896b9c8c8879deda1198cbc31d4ac94a56ec15d1800eea442662818c4967084f4e25b4fe38bd2d4a21bc17ec22c08
- SSDEEP
  
  12288:FOjwBJ1xeFyE79nRkCBF5nDdV02vyLNyGGqjKfIBeGeBJ1:FXBJreFVBnZ5DT0QG2IMBJ
Score

10^/10

discovery formbook g8dj rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2