formbook

General

Target

JaffaCakes118_9cb9cd8ccb177fa649f6aa14cc3e0e8e426c4aafeb4a963de8ed47faafa1e2e0
Size

1.2MB
Sample

241224-3p99fa1kes
MD5

24fa0851e426bf0a84981214d8383112
SHA1

5528066543aecb111494c9001d0c27ffce1698a3
SHA256

9cb9cd8ccb177fa649f6aa14cc3e0e8e426c4aafeb4a963de8ed47faafa1e2e0
SHA512

cb852897a5a097f3ec496bf91f1fd1608b48f555b6975c2972858aa8458a7ef5754f7af00a2fc86eed4c0bc20794235d85f6e969b3f61acd07106f1a1c5fe3a5
SSDEEP

24576:rUiw09ckKB2Ttw61G/Ei8KyilGSAgkhfNrBFYV9dUZyp:1w0OkbUsi/yiAN9yV9dAyp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  textview355624.exe
- Size
  
  1.3MB
- MD5
  
  a482429d1a13c6d0f3a879a6673391c5
- SHA1
  
  17c069f52138457ea210670b831cf21c89c1f0af
- SHA256
  
  39ef261dd5ada5c7b29412ca0e95e6950de77ac8ab9f6e096692fd553a6e3ace
- SHA512
  
  ff54cc0abee1d9daeabe9de77ac3e704a0fb7944f4c0644664d10ac7cd813afba9b07c104e5943b4e1200a6b98ceadff90a473e4ff80cb7043adc25239c9bf70
- SSDEEP
  
  24576:rAOcZ8h2ftK23S4LMhWNUkjPV99npuezy71oporahO:tsCkNUkj9fZe6GJ
Score

10^/10

formbook t01w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2