formbook

General

Target

JaffaCakes118_cc110e7ce55e5f2ce96ecbacba1067ec054b4a43339ecbce9fdcf7120c2d268a
Size

420KB
Sample

241223-z1z13a1phn
MD5

e22c1af0b4ce19cddb2e34b3f895c571
SHA1

d60ef910c6950c6ba756b5a22bdd2342d401696a
SHA256

cc110e7ce55e5f2ce96ecbacba1067ec054b4a43339ecbce9fdcf7120c2d268a
SHA512

9e6d9f1c2ae118f9a15e05d772984d8faefb6621a2adc3d82d7265bc96f9c4aea89e7fef745c11db1c7c6e196d894d0e3e58814d4c91b39272f75bab7a668f56
SSDEEP

12288:v+fCObYTXAgvabfTWfkwfLv5TkNb7Wqwgtuiv:gsTQgybfTWfkwj5TkNb6gPv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

i6sj

Decoy

earn1kdaily.com

inspirestudiopro.com

dirtiblvk.com

humanbehaviourschool.com

tsftextiles.com

viveroeljardindelaabuela.com

surreykeys.com

sf790.com

evergreenmortuary-cemetary.com

pspbizhi.com

ironwoodpianostudios.com

outrageouslywise.com

blacklivesmatterisajoke.com

reignauto.com

azw3.net

nondapack.com

dressahaulicboutique.com

pierrockellelive.com

theleagueofgeeks.com

matthiaswalpen.com

Targets

- Target
  
  f561a1d05c09efc31dce8ab86eee986b5b47c1d92201c7c0eea132ab3a811af3
- Size
  
  621KB
- MD5
  
  fb46da403e7f8d031ccd553e79e8f5ce
- SHA1
  
  4385f614789f5472cab4f7f89d24dc3e454e05d5
- SHA256
  
  f561a1d05c09efc31dce8ab86eee986b5b47c1d92201c7c0eea132ab3a811af3
- SHA512
  
  624505e6df86dd4a09ae22acc3bcfa7e5e329adf8c0bc5cccd4236a9bb6901cce4eaeab52f01e94dc530ad5a353f6e736d13a75ee7c739329c88120b87083e14
- SSDEEP
  
  12288:SYxaM8KuQaGxtVMwg5a8CPWuImvsP4oNeA:8jQLMT/CTpvsQo
Score

10^/10

formbook i6sj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2