formbook

General

Target

JaffaCakes118_670cc1bb467dd19d3b038dd5338ce5fc7b315f755c7308ecbc14ca24867ab300
Size

1.5MB
Sample

241223-w245maxkfv
MD5

7ee4c4cd163e4910cb1e5887c4c0547f
SHA1

6d63f1359fa12285fa0f5c22a0e6746548917688
SHA256

670cc1bb467dd19d3b038dd5338ce5fc7b315f755c7308ecbc14ca24867ab300
SHA512

61c7e86f9445fca7d8361f9ac7a39d45c40af528deaefde3a2ddc7b10b7361303f9db2cfd12af5faaf26bd05234b22adb4df3123c333694d9847b8bc8ce872c9
SSDEEP

12288:EFwbjfLo4CXHtMqQceGgZnqG7Que3y8utCfGclAXIc3BEHDEOh4XQ6i1Z2PNe3ES:ulskKetTn

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u3s4

Decoy

treducation.net

picashowapk.com

puzzletourny.club

alleenas.com

xgyvsf.icu

valencia-noticias.com

xooxd.pet

kikimodel.com

familyfx.win

halosg.com

ishrcb.com

867537.icu

aadibhatt.net

purebloodbanks.com

zhongwentao.top

slot777dunia.com

lesbonbonsdemamiejeanne.com

prune.digital

zsyqfk.com

yamamichi-satoshi.com

Targets

- Target
  
  JaffaCakes118_670cc1bb467dd19d3b038dd5338ce5fc7b315f755c7308ecbc14ca24867ab300
- Size
  
  1.5MB
- MD5
  
  7ee4c4cd163e4910cb1e5887c4c0547f
- SHA1
  
  6d63f1359fa12285fa0f5c22a0e6746548917688
- SHA256
  
  670cc1bb467dd19d3b038dd5338ce5fc7b315f755c7308ecbc14ca24867ab300
- SHA512
  
  61c7e86f9445fca7d8361f9ac7a39d45c40af528deaefde3a2ddc7b10b7361303f9db2cfd12af5faaf26bd05234b22adb4df3123c333694d9847b8bc8ce872c9
- SSDEEP
  
  12288:EFwbjfLo4CXHtMqQceGgZnqG7Que3y8utCfGclAXIc3BEHDEOh4XQ6i1Z2PNe3ES:ulskKetTn
Score

10^/10

formbook u3s4 discovery execution rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2