formbook

General

Target

JaffaCakes118_7382348bd7d9a366a13232f6b051f1f4127ea04f5401496de57950a9231b5258
Size

321KB
Sample

241223-tnqc7strgy
MD5

8b133fd7fe5c271fdf49a5281ffcb53c
SHA1

72dbc987467e10e0d28f76f1e7a2f2447e301bb1
SHA256

7382348bd7d9a366a13232f6b051f1f4127ea04f5401496de57950a9231b5258
SHA512

cf3cf087ec6904af2c68504e7e5326ebd7a53bfb0059ccf9007a11565f14d3abacbe0d91fa1faf4f3e118be7db01482fe60af93a18bd174982f749b0af994af8
SSDEEP

6144:aauZjhLV10jM+GWNWDDtDvFFv+vtSHEH5ilsojCGAow4l4Xm:aauZjhho4xVNvHEH4c+wmam

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct6s

Decoy

liaquatsibtian.com

erisa.cymru

theultimateone.world

petpartner.info

edison-press.com

ryanmurazik.icu

bukasystems.com

kitsusimplex.com

qatarstyleart.com

brkhot.top

paehdfdtrujdfhs.xyz

createdbybonk.com

kuihoon.com

deathtocustomerservice.com

iotimb.com

greendiamond.pw

millionaireproducers.academy

websitemolsa.com

cbshomeimprovement.com

eardunder.quest

Targets

- Target
  
  73a9e0eec95e10855d7abd84c27208f881944a4603ab6074bc95f060d45d52d7
- Size
  
  679KB
- MD5
  
  24c3775cb554f7928eeee4865b1cdd4d
- SHA1
  
  787121f0b5b9f882261571c88be20b960f05daf2
- SHA256
  
  73a9e0eec95e10855d7abd84c27208f881944a4603ab6074bc95f060d45d52d7
- SHA512
  
  c6b096a4f5753004f86ae964558832cd188b7e5c1cb605e4085f352a9fb664a05165e3b659ce18d8da8769d16786cd60236cb4fb34d46c988815149ee768e1ec
- SSDEEP
  
  6144:w8LxBnhTon2UCOG1PkOQbhs00alDSmwv7NffZDReiA15LjR:9oZCOurQsxmOVeiAJ
Score

10^/10

formbook ct6s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jisuens.dll
- Size
  
  138KB
- MD5
  
  7d2cebbfe1ee8d400a3832682592601d
- SHA1
  
  1d80d991fb2925812e5af008d8b41a9c7195a528
- SHA256
  
  fc7fc9a9e53d9485bbb46619779ff8d205e187755ec50a265414a2608c2f7a87
- SHA512
  
  1456a13256ae9117ae31c0e9519ac0b917319c50e8e491b3bfe5dbd3b4864b585e1e603065f2e33cf188859cab0fcf47a73dcee96d16aa397c6857c8dd6946cc
- SSDEEP
  
  1536:xJUCRI+m36N80P7WFyM4H5zgkIydOk4OylFcFb7eMYcobUfsr5dSKoabxNUdC6:Z54SZg4pm1zemLHxydC
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4