formbook

General

Target

JaffaCakes118_50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f
Size

126KB
Sample

241223-vkchlsvqfw
MD5

a467b86d264bbb25b65f493601d88516
SHA1

912a0ccdacbcffad6e9f4566d0e8af0655a5aaa7
SHA256

50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f
SHA512

023ae817a46751f97bd7c1b9b23ce53bea9d0af2e57bae70f38870cc0d2225347728549f7f1253a38660e72c3b1d5350b32a8bfd5e3daf51547359ac9e11fbe7
SSDEEP

3072:iVn4kCQF3zOYMEcIei+hvb/yBgnVaD/rOzCu4o:iHXOYMEcBhvb/+gnVaD/rho

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cb3b

Decoy

lghglzcnkx.net

bellezaperfecta.company

thelisaiboldteam.com

newzdoozy.com

prospectsolucoes.com

altmartshop.com

webbresults.com

abnehmen-erfolgreich.net

tammygauthier.com

nelly-pasquier.com

footballrevolutionbyluna.com

primeassociatesca.com

lxzhub.net

jhaalz.com

fribetong.com

realkings.net

kamalameats.com

tyuyou.net

katiecorcoran.net

rigatoniscc.com

Targets

- Target
  
  dump.exe
- Size
  
  181KB
- MD5
  
  d2f440ffe559beb7145d3b8836b90594
- SHA1
  
  d9f44fe550b7452c2bcb6b77666256816bc2e21c
- SHA256
  
  7c5ce20cff54b08358d8d3651b4f4484a503f52fd130c03373cfadf1639af98c
- SHA512
  
  c5e370dbc03d622531b04544227e7d90626b239dd41aeca73311052f111a7d76b3a07856c16c55614856543a0e6ab6ff5b7079d3925c9c8d6768ac0ed289a19c
- SSDEEP
  
  3072:exf/OhHCx8QPS83jLrsu0KWCJ2gbeGD1OAbBNJZju5vbfe:eWx0SqjLrsRKWCJ/eGD1OAVRjuxbW
Score

10^/10

formbook cb3b discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2