formbook | bf0aefdee6705696a7b997ed585a9ef01b5615149bd077a439917c23c9972557 | Triage

Sharing

General

Target

JaffaCakes118_bf0aefdee6705696a7b997ed585a9ef01b5615149bd077a439917c23c9972557
Size

388KB
Sample

241223-zfvwlszrcy
MD5

dc4caa83135a950e8782843dcc0753b8
SHA1

d97413d35eda9bd2c17a7f8895f0d51c765dd898
SHA256

bf0aefdee6705696a7b997ed585a9ef01b5615149bd077a439917c23c9972557
SHA512

aca2c6ca63675423265c13b6ca21d17def82df283c281f8f7d9d96cd85863cf8824ab98db6b20293ac2deb01125db4f5d0acab4307b4d13103db11c8de4d578e
SSDEEP

6144:lVhIW6u9mqynZD7Kht4yxwZhnPy4TpGsq5AnPzjnmE73VMH527MRW/yXldQ6DYaM:ZIW7mBD74VxcNddBAifnm8ExdJqCY

Score

10^/10

formbook qzxe discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

qzxe

Decoy

+ofy/jc//gxWTSyDsHNe/HH9Fw==

JJPj3RBaNUVMfGjFDYHn4VdZS07u9w==

MDmWp98UG5ik7K4=

Lyqf4GqrrNshqB8Rd2k=

GSZF9fyueK9D

go++PQqY5pik7K4=

TUKqEY7b6Pw157uI

Dm2xsOPllslVpt49Vg1pbw==

PTqi5lNcK5ik7K4=

7MgiQoDCx90vLLPOxru2

Sy+TnscLsgODvA==

d95Jmv8+SFddJyKWA4T92cc=

MJHl2jFE+ySkGFO3CIT92cc=

21nQ5Csz6DBxEMSd

MPVPVojhzO5ErK1evXY=

XUSG1EWdjJ0YiY0nmpLf2M8=

wzmZpONyKVr2QKY=

Jm3IFI7RxANTgTim+w==

XUJnuClAAUnCpSMXW1SaExea

ambAG315NEd5RsOeJaudSsZCQBMrrtr/Lg==

Targets

- Target
  
  ccc792e234a29204157d4833f4ca76b93328cdb9cb6f4830d1bd283934d49e45.exe
- Size
  
  447KB
- MD5
  
  601b2d6daefd3d2eca786e4d261a753c
- SHA1
  
  3833e13c1f023af9cc7755b9e696a66c75bf03bb
- SHA256
  
  ccc792e234a29204157d4833f4ca76b93328cdb9cb6f4830d1bd283934d49e45
- SHA512
  
  4b4f93670380e9bbdc2d1d962db5fbc41531c2bff474a4a44b09ae665ba000b39a3ae6a0c6a4acda05c5d9f2f508342ad2293ba6c65de1178c77c231e7b1121a
- SSDEEP
  
  12288:qX3f3jN2fyF88TTI5qa4fcujtyxE8fuDw2qcSo3:afxni8Y5GfbUxKw2co
Score

10^/10

formbook qzxe discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookqzxediscoveryratspywarestealertrojan

behavioral2

formbookqzxediscoveryratspywarestealertrojan