formbook

General

Target

JaffaCakes118_58aa05be02add83459b2a846f508ae9dd7db5045af90c886def45179da9daebe
Size

293KB
Sample

241223-rpshvasjcx
MD5

b5febcdd7e6e69854977ead7fc9deccc
SHA1

47ba8af8ef9bbdc9cc68559a624bc4f74fa2358b
SHA256

58aa05be02add83459b2a846f508ae9dd7db5045af90c886def45179da9daebe
SHA512

db5ea71b0ca74a7e91ff8b958afbf84041060f6352d0b33e31b218cb3241319301819d8f1b59abc871ca04273e40864968425ba370b5cb537d95d9eeb6c8bbf2
SSDEEP

6144:V9g1+dyIFVrh1cVSzCs/dL9+YkQR/nfOmP8GvgVF1887GGR:VqbyVwSzCkBbkQ/2mP8GIDbyGR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r2y

Decoy

jmhuif.com

rocksutoparts.com

thechangeisyours.com

chicosuke.com

craftycreationsevents.com

8811xxda.com

guiafisioterapia.com

publicidadcam.com

birdadmirer.com

persuasivetees.com

wormsnfu.com

hitstag.com

lojabestway.com

morefrommarbeth.com

gp-partners.com

itspore.com

fastlanefabian.com

lasham-web.com

westinghouseco.com

albaturkvatifbank.com

Targets

- Target
  
  c478555.bin
- Size
  
  413KB
- MD5
  
  a4c118271f24db37f4b2169b107fee2b
- SHA1
  
  44a2558c6d4c3d87a12a54e43b72d0e782d27ed9
- SHA256
  
  10c780fc7475e86625f03e436acf7140e49b66bd7cb8c483330c9707c4b391b8
- SHA512
  
  36ab713f0eac9c4f847574775f78586619a29b9adab0bc11ce1ced10c66cb4e5f9c528d751b416e1138441ae2a55d4f453004e94f41c78fce912f64d3ab51835
- SSDEEP
  
  6144:4Kf+0/hitjkl6Vgr/WOjKkFBY5RqspzRkrjAEKc:h2glbe+KCBY5RXzRMMEKc
Score

10^/10

formbook r2y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2