formbook

General

Target

JaffaCakes118_bc8a0c4e11611d9326b6f8a632797e193502a75333430e9e6da8c20c3190b439
Size

290KB
Sample

241223-xzl2psykel
MD5

8eeff3937baa8cbe5a0aca4a157e9d52
SHA1

9a345f800ae25fd20917275d9c2f83ee3ac4fa0b
SHA256

bc8a0c4e11611d9326b6f8a632797e193502a75333430e9e6da8c20c3190b439
SHA512

779ede49ba6bd40bc5ec3d9cecd48c44eedfe05c4f60a5009a9b8150685bdd4410f62a24d10711fb052a58d3606fd9bc79db1c0cae24a56e49984a3f93f78e6c
SSDEEP

6144:D+9rSSub9W3ktKYdI6GDLceDzwS/KHwsXDA78DQK/N710JJCBsfL:C9rSSu80tfKvcYz4HwscI8K/N6JgBsT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r2y

Decoy

jmhuif.com

rocksutoparts.com

thechangeisyours.com

chicosuke.com

craftycreationsevents.com

8811xxda.com

guiafisioterapia.com

publicidadcam.com

birdadmirer.com

persuasivetees.com

wormsnfu.com

hitstag.com

lojabestway.com

morefrommarbeth.com

gp-partners.com

itspore.com

fastlanefabian.com

lasham-web.com

westinghouseco.com

albaturkvatifbank.com

Targets

- Target
  
  e85f434810652692f3e0a0738d9156899afcbd2bed42a6f328f0092d72a1db34.bin
- Size
  
  413KB
- MD5
  
  29448f6e9842a673aa77502015df4f0b
- SHA1
  
  8d257bb18da41104a4cf124c00237d2e59f041ef
- SHA256
  
  e85f434810652692f3e0a0738d9156899afcbd2bed42a6f328f0092d72a1db34
- SHA512
  
  e51115c18009f1920f885dca2843829bdb2816845f08c96bb5b36ee1800410400b474276edacf1cce6fa1085195a97f3fe614cc4ffecf424377a02a0bac01495
- SSDEEP
  
  12288:VD4fqRBdy4r3XyMb6U0the+KCBY5RXzRMMEK:1fdNXPm5eXa2WM
Score

10^/10

formbook r2y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2