formbook | 0826413d723b10e17cb362a1e0986f6687243c1638be1bac356baa5eff6a0847 | Triage

Sharing

General

Target

JaffaCakes118_0826413d723b10e17cb362a1e0986f6687243c1638be1bac356baa5eff6a0847
Size

411KB
Sample

241223-xh5gqaxpfm
MD5

d2e631e29a7b3e85f345e3b9f93c2bb5
SHA1

8c3763b855c857303193f5c7767f283ed862126a
SHA256

0826413d723b10e17cb362a1e0986f6687243c1638be1bac356baa5eff6a0847
SHA512

625f4c2dba7fd9c0eccadad8247c439dc1a67958d915d386371d4fb1526c8811691e3943b6fc69296f1ab8577b1b7146a4cd15b8096b22ca9a361068097675c9
SSDEEP

12288:yn0xxKeYp0ZmMsHVbavifTJlhJgQSkZiicaNyrDe:jKeUDbBfTBJZ/N4e

Score

10^/10

formbook rwo discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rwo

Decoy

highjinxed.com

adwawattan.com

alimitlesslifeinc.com

advancedtelecom.net

metrocommunitycollege.com

modboutik.com

myfavoritethemepark.com

slimwasit.com

curlygirlrizos.com

nyshuffle.com

allovermeofficial.com

bugsy67.com

simcardtonewow.com

onlinepaints.xyz

epoxykingsofamerica.com

cbdstrata.com

liceremovalbellevue.com

bj5w.xyz

lalalae.com

glory-made.com

Targets

- Target
  
  Confirm Proforma Invoice.bin
- Size
  
  439KB
- MD5
  
  c8c984aa8535536070c90dda6d6a46a8
- SHA1
  
  431ed99f88f68b9933fbf8b642c44150565852b8
- SHA256
  
  a344590804a69e6f50c2386206d5d050db788fcd42716d1c14f77ba501e63d4e
- SHA512
  
  14d10fab4f19796e53e2075bc9b27df8f217af28d97ea250f2ae5f83421bb568bd3a58888e89ad036a4b5a4a2d3d388ffbd4f914c6f9c28e7c165f487a47c5c9
- SSDEEP
  
  12288:OCv2zv1grDRQiSSJWP7BCBkNAUqIwrk6WjL2iN:OV212BCmNAUarqn1
Score

10^/10

formbook rwo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrwodiscoveryratspywarestealertrojan

behavioral2

formbookrwodiscoveryratspywarestealertrojan