formbook

General

Target

JaffaCakes118_7d2d4bbbd494072b6e1f051442b494a0ad2e118684f7cbcb230e3138b2a05563
Size

1.0MB
Sample

241224-21kmgszpej
MD5

b2e730400c356598aae09ba20301af9a
SHA1

4c5ff90408031e1ca8aff312f602bd7168dcd0e1
SHA256

7d2d4bbbd494072b6e1f051442b494a0ad2e118684f7cbcb230e3138b2a05563
SHA512

26e42dab9bd8016620214949c4b7c3db33db842620e95de3013fbb334e0f4fef5ab3192690a4331a750778d5d1a31fd22925c4d4fa042de220b8bd98d7ced644
SSDEEP

24576:RFVihk5WuflwOATsbouRMV3PvClKR6BI0xhOsVCD09VhM13OJm3x:BPIQlwOATsUOM1o06tx9w0HJY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr06

Decoy

dreamrose.shop

bamdadlive.com

avastfr.com

aishabolduc.design

nobulldownhill.com

navis.store

paintingsantaclarita.com

wdidfhqo9751ds.link

epilateurlaser.info

expertdoctor.xyz

jtfaqyxo.work

zrexvita.live

coloradomarketingfirm.com

prestigehospitality.solutions

bmayple.com

sea-food.online

mejor-proteccion-es.click

tophatlimitless.buzz

inailshickorycreek.com

tintash-sg.net

Targets

- Target
  
  985737716694171ca5cd45760d29ab6aebe57efcd2349bc5085ff13cdd365efd
- Size
  
  1.1MB
- MD5
  
  ac2c24eeb56a0fc9e89d995c4b0d5c0f
- SHA1
  
  cb42fd2596ed3ef2f681de0919fb61293e785974
- SHA256
  
  985737716694171ca5cd45760d29ab6aebe57efcd2349bc5085ff13cdd365efd
- SHA512
  
  ff3a83e78a3677ca67ae22667c341add857f117c40509dbaa7eac2a1d85649b1eaf6317a440fbab7e86e1eff4e53d27a3564081ff320f6bafc24cdc58dcaa9a4
- SSDEEP
  
  24576:0AOcZ2i7g/0jTS8U1L3j5HUSIOg0+MkYG9:i7S9m/5HPnk
Score

10^/10

formbook mr06 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2