formbook

General

Target

JaffaCakes118_17b09e76a4a37473539460fb04c0443a9b86bc2a26f06c2512fb11fbccbd937e
Size

687KB
Sample

241223-r3yxsasmcv
MD5

066942f24d17dd46156c02a7f6f6a6a4
SHA1

58793bd6cf362360a83a0fe6ff843eea1358d79d
SHA256

17b09e76a4a37473539460fb04c0443a9b86bc2a26f06c2512fb11fbccbd937e
SHA512

3059989a09190e53106dc3ce4ee64ec432aac74936be0cf33cdff56287cc80df4ca96df631fd7f351c6dff5a565d08deb6482348c9125fc0da0eb25142d09468
SSDEEP

12288:/yDlSgfh7AkO07Wr9kjfBpsF6OIQ2+5RdbV0v9n+Rsy1D25M87k6WpFkS:/yD4ch7A10dpOEXQBHbalXq25M8Q6Wp7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vy44

Decoy

csdvehgry45y.com

letstayhome.com

davidfrechen.com

atticusandjules.com

meandbond.com

paar-fotoshooting.com

twboosterhq.com

shivamehandiarts.com

typhoonlogistics.net

vintagevowswedding.com

brittanymays.com

dreamylineart.com

vimspaces.com

thakurmosai.com

88-wealth.com

betsycousins.com

nationalcsno.online

mobileblockchainsolution.com

flymetothemundo.com

shopsuplementos.site

Targets

- Target
  
  c8dfddd4c5d6b2c5ee3c4f74651673e6975c4ae05d7aece0c08e40c2ad92db7e
- Size
  
  822KB
- MD5
  
  c35b8d27f7ed050e3bc31e536a0e389f
- SHA1
  
  be9dddd5fac8482212030b5f6cbb04f1190a6113
- SHA256
  
  c8dfddd4c5d6b2c5ee3c4f74651673e6975c4ae05d7aece0c08e40c2ad92db7e
- SHA512
  
  cd012d1563cd6f35444aa3a6954de8946e463a793af33a5711f7d08f00ed3fd225e6a67bcccf517aac582d99520909be7e645a385c181f5f6b38f72165ac5a01
- SSDEEP
  
  24576:TbZZMwO7ATyN3Og9QBHbel3qs5M8Q6W3C:T0l78zp8RQ
Score

10^/10

formbook vy44 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2