formbook

General

Target

JaffaCakes118_17fec42e3ed8e31903adadfd26604ddb83cf27df49d250e75560742be6167be5
Size

208KB
Sample

241223-z4jhgs1qfn
MD5

9e1103650e1da9f67fef010d78f44fee
SHA1

e17da9c738a65ca266603fe7d355d2167380a81f
SHA256

17fec42e3ed8e31903adadfd26604ddb83cf27df49d250e75560742be6167be5
SHA512

17020e9875daa2ef49743bf71dbc05b9e7a3ee8940eda271b41873eb87bd83c9e6671f217efd2a4369957145d706144682ed5b4d1fa3624a7588d676b32068c2
SSDEEP

6144:CW1xBiRqK/pp5JHN62xAthVEUs/2DNSFQzZoTCgb9:CW1xBiRdpJQzthRs/2BSFQloTt5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt0h

Decoy

originalindigofurniture.co.uk

fl6588.com

acecademy.com

yaerofinerindalnalising.com

mendilovic.online

rishenght.com

famlees.com

myhomeofficemarket.com

bouquetarabia.com

chrisbani.com

freebandslegally.com

hernandezinsurancegroup.net

slicedandfresh.com

apnathikanas.com

chadhatesyou.com

ansilsas.com

in3development.com

nitiren.net

peespn.com

valengz.com

Targets

- Target
  
  90lh34776t.bin
- Size
  
  221KB
- MD5
  
  7729900697d95c9cb6d5bd73888cf13b
- SHA1
  
  43bb970f69404ff4c01427b99cfb669a4575d0cd
- SHA256
  
  b8f987a5099e1a1a220893763f00bcff9d84ed2dd49cb4a0ab8f5c595281e5ac
- SHA512
  
  d7cc1b6c5527da43c8cb4bbc04c356b2cb85849a847c342da6c85d610614096805f6946365f92252276b96a0bc9767c7979dfd358a6e20e752bd08d69850190f
- SSDEEP
  
  6144:wBlL/LrAY7sjzeUc1/8Lan+V6KqjWw04DzlBX:Cp/g/2bna6Kn4nlh
Score

10^/10

formbook lt0h discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4