formbook

General

Target

JaffaCakes118_c364dc5afe7a758747945d363df3faeed7dbf9edd168e3c1e70176d4c952568f
Size

452KB
Sample

241224-a9561axlal
MD5

5cbebacf7eb2a1719dde6df420105f6f
SHA1

52305ec71ec32e10f1c0b7626399f07c2b2829b9
SHA256

c364dc5afe7a758747945d363df3faeed7dbf9edd168e3c1e70176d4c952568f
SHA512

30e63f4403ed3fa136400173e5d0248f56d8654bc854c7c3464380c4cdaf9a6e8071b977c6b197d09db4941716cfdb1463687afdb8fa15c6233ba6964615efcb
SSDEEP

12288:VLqcy8AIRuaD58Z/jUfyt2uNpkc/tUZf0By:5jxwu8UgpXTBy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ucze

Decoy

motorcyclemagician.com

powerreport.xyz

ychfgdne.icu

presentschein.com

seabreathing.com

stlukeyouth.com

ifixconstruction.repair

thietbikhaithacdatuanphat.com

hexdeville.com

xn--planungsbro-stanko-u6b.net

elisebruneau.com

yxflwwbvz.icu

wafirainteriors.com

hexok.com

krewedubethkevin.com

lassilacgi.com

bestvolvowebsite.com

clarissajaneen.com

foreverchemicallawsuit.com

ebizkendra.com

Targets

- Target
  
  6a48a1bb2cac5fd1bcc700d2aa244bb2e68cc5f675c0adea8a99d25feb0b2be0
- Size
  
  726KB
- MD5
  
  a1d2eb1b3b136f097bf55235e896f14b
- SHA1
  
  916ba9deff328d8883dc2575a3c48c4b8f86b359
- SHA256
  
  6a48a1bb2cac5fd1bcc700d2aa244bb2e68cc5f675c0adea8a99d25feb0b2be0
- SHA512
  
  2b6272b9516b3d008618230e6892bb181c696974d1130b8aa9765e7951de3ec2d39ec5db27d01cb57d433d660f9c5f6f5b0a245059f1e59d69ca9f086c226b6d
- SSDEEP
  
  12288:zUpOJEqPeu6bYTReSqs9dzQl3BkobD/gZ0z:YpaEqPeu0GRks7SBzbDG0
Score

10^/10

formbook ucze discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2