formbook

General

Target

JaffaCakes118_e329ba34d8d1570ab97774983efb805ffef12a16684c4687c90f4fc2959d2b5e
Size

758KB
Sample

241223-w2zj5sxkfm
MD5

131dc497c38d1d2a64211d79e3731bd3
SHA1

33782b91df79fd3d282c0c1b91ee0b7972d05447
SHA256

e329ba34d8d1570ab97774983efb805ffef12a16684c4687c90f4fc2959d2b5e
SHA512

8cca2aaa41e607dde8f9dfa8298dea4c47aceb450c7d5abff0f1fc9f671c907997442841c0d00254d3fadb6c0932fd98f0ac6fb4427105c4548fa25fb1f7187a
SSDEEP

12288:S7+1+Fe0H9ueZKCsNI/GX86Gu9Jwxs8XUF01JN8Bf/awBCXMEwgoQUM1V+c/+foq:i+1+40H9ueZji1JwHU21QswoygoSVl/0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzsw

Decoy

thelargedoor.com

newcuus.com

tgc.xyz

americanrvwarranties.com

deroshop.com

wagyu-importer.com

frbhomeloan.com

taniabeautysalonspa.com

nac-alerton.com

ordersudsy.com

villagegardengreeley.com

locksmithpembrokepines.com

rafsanjan.net

jumlasx.xyz

supermercadoveganmadrid.com

rubsalmon.com

glenhelensaturdaymotocross.com

jichuang888.club

aajnv.com

stackablesllc.com

Targets

- Target
  
  Quotation_2353882378.pdf.exe
- Size
  
  891KB
- MD5
  
  e13096d3bdcbb8a331d0cfd2114998ff
- SHA1
  
  5c19600fbd7c9dd4693e0c408803fe2bf50f04a9
- SHA256
  
  7ae4fad494657ec1621fcfe3005d577a4d8ca04847ca48eb466e4649f00faad3
- SHA512
  
  5d259ed4e4b6bf2827b668649a748dd5705debc35041feae245962f2f4dc5253aedd4aabec19baf5821edcb802f8b1f2b4816267e3627ce51fdb5bc070570e43
- SSDEEP
  
  24576:MGb3AdbcDnunGjCVvUFKEg+blsIYZxsn/amHgyUNC:vmWnD8UFKE/OIxgyUN
Score

10^/10

formbook kzsw discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

CustAttr .NET packer

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2