formbook

General

Target

JaffaCakes118_86a3d79159668222e08f1b8fcb16b9994188077405d78453744f59bb314fc63d
Size

507KB
Sample

241223-r5wv7ssnhq
MD5

22672a61bbd5d814d1bc6d1b4c941bab
SHA1

c7fe7276ae2a3e5d0ac9144cdc9b6cc17c03ac4b
SHA256

86a3d79159668222e08f1b8fcb16b9994188077405d78453744f59bb314fc63d
SHA512

afce9afde843dc6f532a0c8b903ebd6915bcf329b16aaca4dc4edfc742b6b6d9c5f377ca2ed3719cab2b523183a50edab94f97e13227bd0f6b88452a5bbaee18
SSDEEP

12288:qfWW9JAvXiEG4RzKp1FutCNcvZlp3G+BVeaKdKPmmTn5ihpFgLHg:qf/uGgzKp1FuTv7pzfNjTn6FiHg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

useb

Decoy

houseofbooksae.net

ipjfeugo.xyz

sandiegowavefc.store

kamerynemehiel.com

herbalhealthalert.com

nfmedco.com

dorhop.com

bookingscenter.com

blaclyteproductions.com

novatel-network.com

locomotionprogramming.com

dotchocolatebars.com

rohanyat.online

a2detail.com

cotedazurpropertyforsale.com

space-vantage.space

averysanswers.com

lionheartimagery.com

nozincwadi.com

lovemyduck.com

Targets

- Target
  
  Inquiry.exe
- Size
  
  795KB
- MD5
  
  a06acb7a0f10d8f75fbab35b01a811f5
- SHA1
  
  93cb99d92c754669d063c842618813b8c72b63df
- SHA256
  
  7efed15a69ffc8fa8a65db6f3ed48fb3f5c727c0ef9917a352cbc713da4828a3
- SHA512
  
  48721464d5cf4ae1d8f14c6a1f4c6127964ace7794de18d84204c63c359d3315d2248cf634a5a2769995333a90a1a85ad8013072e2a8836b20c852e3405e5e76
- SSDEEP
  
  24576:FD4VHfQe6ZyWshg+qbZxTZZWunAWvS+ksZHSA/uwkSW+1mb:H5yA/uwdX1W
Score

10^/10

formbook useb discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2