formbook

General

Target

JaffaCakes118_c592915b2c1e2208fe281f9cdf5eff4377eafa7c98281178b8b0eb405c47457c
Size

291KB
Sample

241223-xhkgjsxpdm
MD5

0288cfa0c1a74c0642c5b45293e98621
SHA1

71410458d7e990d9889b389dd7484cd30f562c92
SHA256

c592915b2c1e2208fe281f9cdf5eff4377eafa7c98281178b8b0eb405c47457c
SHA512

db28a06fd58132314afb97767d5b1042e01d2cc8c93465ba1de7a7f066f41ec3a51755c73f28a04dce41c5eb2b7c4df3358c42d7ac3e382c1e2c09dbc2e960cd
SSDEEP

6144:f/Q/Kgo4CK7lFjfGVxqi9WeA7MmHuvWw0UP:f/MlF7lFjf6xZ/ABuvWw0K

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w32e

Decoy

clubedamente.com

camcooksvegan.com

noesists.com

rajofy.xyz

hoiku-ict-01.com

15mmfilms.com

8dejunio.com

government-grants.xyz

maruflegalfirm.com

jsovip.com

gott7.biz

pearlmgt.com

taiwanryugaku.net

0088cq.xyz

sflministries.com

globaltarnz.com

mavungeni.com

lordantonio.com

beiqingcan.com

dvftfx1.cfd

Targets

- Target
  
  eb6a3606545277e3af8270d85b4940be7a710dcaf11c7351755675d81ce82d02
- Size
  
  303KB
- MD5
  
  c961fcde5d17604cc66454d49df2cce4
- SHA1
  
  2a36990e22318e6794597a47e8843fd65dd56ce1
- SHA256
  
  eb6a3606545277e3af8270d85b4940be7a710dcaf11c7351755675d81ce82d02
- SHA512
  
  0e9db8b031a10780e21707c3d06853e9eea3b2d96648a8f4d9711a5fe4ab090d11588cd3459d35eaf53b8ed670518a307358a46ac579b7f370fb6464bc756d75
- SSDEEP
  
  6144:rGiko9Al1iqDsAkONYosCxEi9W8A7MmHuvVw0UY:rSl1idGJx/zABuvVw09
Score

10^/10

formbook w32e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  oedei.exe
- Size
  
  117KB
- MD5
  
  2efd32c76b350a2f0ef015379b4e6079
- SHA1
  
  fe94d4f744e9f38a19350dc7f49443d0b9c744a7
- SHA256
  
  a498f803fd0cccb67d13228e97ca0d2dcb7cc149b080604efd3dd4f43fb4488c
- SHA512
  
  9f98a8b54e19bd1ce4819e71bd6e944bc5a476bb2488d1f035de1fdfa59f22fc7c9ee8b5df6715eb5ace9013c4441e573e7a7cbd710e7b4c7d220cf5a3f5273d
- SSDEEP
  
  1536:l5MMCnkgeOdoWzkEXu/1X9fkYL1DMlSj0MpB7J/tcnUchRDS8/37TcrnB16sWjcc:XMMuBeMR2/NdRJ10QRtcJ6B1lAb
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4