formbook

General

Target

JaffaCakes118_10e4c6cbdc4b4d8e42c0d3eda61cf3a64283bd00bf83193303587c202590bec5
Size

228KB
Sample

241223-r5x39sspaj
MD5

6c511b1b7b5c8039de8e124da440c7c7
SHA1

5705e55fd3ff16e0be583bbd355b9a240f84c549
SHA256

10e4c6cbdc4b4d8e42c0d3eda61cf3a64283bd00bf83193303587c202590bec5
SHA512

a1e232b88aecece1c85b6b84c4553701701bfc5e3ab3513e0fdee7b9c7b6dc8b09de6f2ea23ab5579565d2bbe371ec4f207a8b0d926246da6751e40ba5c6e5c6
SSDEEP

6144:ldefUvnq7NqECqXy2g8mKbIQgfCHnK2r4:Pid7N3CqXyJ8tIQ7nKE4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nk6l

Decoy

cbnextra.com

entitysystemsinc.com

55midwoodave.com

ebelizzi.com

khojcity.com

1527brokenoakdrive.site

housinghproperties.com

ratiousa.com

lrcrepresentacoes.net

tocoec.net

khadamatdemnate.com

davidkastner.xyz

gardeniaresort.com

qiantangguoji.com

visaprepaidprocessinq.com

cristinamadara.com

semapisus.xyz

mpwebagency.net

alibabasdeli.com

gigasupplies.com

Targets

- Target
  
  bb4c6c01b5e866d18d6d6559242b42e79ca9980cd9dfa0db7b4331395a6b5204
- Size
  
  241KB
- MD5
  
  cb7d4c1dc8b01bf82bb52937e5deeac4
- SHA1
  
  458dba8f4563cd030afb237d69293208d71149ad
- SHA256
  
  bb4c6c01b5e866d18d6d6559242b42e79ca9980cd9dfa0db7b4331395a6b5204
- SHA512
  
  3565215740241e089565892b74108c0cd408433803d4fd435fc8f5ca878b23ced260732ffb59d617bdb91bf7429af630464bb6718469d35ffa10f2aaab8cb633
- SSDEEP
  
  6144:HNeZmj7TSnqxNkECqXi2g8mKtIQgfCHaK2r1:HNljvbxNVCqXiJ8zIQ7aKE1
Score

10^/10

formbook nk6l discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  uyzzokhns.exe
- Size
  
  5KB
- MD5
  
  78bbf1cff4144ac88fb2fa7a53196d91
- SHA1
  
  c7daf19ac7143a2e02173d03223a9bcbcb6e44b9
- SHA256
  
  2a46132c92ba642674b00ea5df006856498d67b30f64ca5c74061303b056ec0f
- SHA512
  
  5eb68cdaaeec7990b1358853a7a2c2b01ff81c24d1cdf2e931a20475bcb1957ac4a42f723e51b2c1a51bf837d0af784d0681027634d6260d04f400d618e9a4a6
- SSDEEP
  
  96:BlfOtjP6eAaHh5pZxTqzBS1nsnQXzGbSu+ynOVR:b/3aB539qlS1sQi2uZE
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4