formbook

General

Target

JaffaCakes118_c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548
Size

126KB
Sample

241223-wjpbfswqby
MD5

12f7f2bfafb99d0ae771f9f7f96e583e
SHA1

46e36067160056a88b6b77d69c2a0bd84f64f881
SHA256

c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548
SHA512

0ea76ad83d73dd6423277dda80ed00ebbcb97a5b9034a566704b479d5f1fffedfcf08e9344bcf125c27864f5b4d2f3025999626b29bee7b02132b6409fabc44d
SSDEEP

1536:Q05trhPvxKhfwRgqdzECwEl550lDBPc3fqwstMC+PFCsfgE+WN7hZ9grQHdaE1Og:fLrhPA67XwxOOMPPd7pgwTbHgGmtt0T

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pjt2

Decoy

bankruptcyhelpflorida.com

yourpropertymanager.info

inevitablebites.com

liviabelezaa.com

bartonhuxley.com

headhuntersmc.com

karoshejeans.com

trevorrentals.com

overseas-assets.com

zpchanglong.com

bconomic.com

devilishweb.com

eagleusacoffee.com

thirdpartyinc.com

newyorktowservice.com

barbrs.info

digiceuticalindia.com

ftytqwfl.icu

cabinetinfirmiergomes.com

waystoconserveelectricity.com

Targets

- Target
  
  dump.bin
- Size
  
  182KB
- MD5
  
  e0f9c6faa04bb24a6997ebe182b18ac5
- SHA1
  
  cf6cdc1a57321f22cbb37e87ab8238fc9adfe1a0
- SHA256
  
  299989e3af67223f86fd525ddcee21eb65dc912be836376717177045fd7ea032
- SHA512
  
  7286994b3b8efca7da0145261e0565a3921beec177dbe147dee71f9ffcee3568e38bd1a965c21f2507259c33ff9fd7a62c553bb397008dd9688d2d90f428fb86
- SSDEEP
  
  3072:hbxlxKeZ0r9wNa5L7BGSKiRxb5hzx+RGT7Qh4+GGJqmvZ/5c:NxuXv5XBGDixb5hV+csp2m3c
Score

10^/10

formbook pjt2 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2