formbook

General

Target

JaffaCakes118_80b2b9875c0ea2e49f7b6cd9102fffda48d11adbc40a6a861039656dda687ee6
Size

228KB
Sample

241224-acvc8swlgr
MD5

353d0b0a60caec9df19e4ab91837f1a3
SHA1

a071815ac5310a553212600d2bd5441e2b6cf035
SHA256

80b2b9875c0ea2e49f7b6cd9102fffda48d11adbc40a6a861039656dda687ee6
SHA512

beff4aec95e2890c5524e2bd743b9f7af9181f320ca45817caec81792744cf60afbf3e326d89a7be14b6ffbc47ac9e013166439fe892d2f99476f5c190695a36
SSDEEP

6144:KjBFp84gcG40j5xlJqLUaEMxLDK7iNu2A3wH:08j2ql8o6LDRpp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b62r

Decoy

gaykolkata.com

idfinancing.com

hoangphucpharmacy.com

lotworksvariouss.biz

abanchiq.com

galaxylike.com

lyhfyp.com

phantomux.com

lobotours.net

dapcol.online

airplay90.com

hylserviciosintegrales.com

lvmvdp.xyz

economybooiings.com

epiteks.com

soprendenteshop.com

mangaclsh.com

mywebprofile.xyz

fabianwilliamart.com

ayabadge.com

Targets

- Target
  
  f79d4a4a519f6ddaf119529ca2392d7b7721901b9761264d0d2ff1410dda9e25
- Size
  
  238KB
- MD5
  
  102b3ebb841c1dffa5b08afcc39222dc
- SHA1
  
  758e0993c007af3949a60a0ffe1ec19c4e045ced
- SHA256
  
  f79d4a4a519f6ddaf119529ca2392d7b7721901b9761264d0d2ff1410dda9e25
- SHA512
  
  e1452b4ac7b453b6f899554b223596e7ce258986358e56b3f2dc69bafc2178b6c83894fe507dd9a5d4d0df687b584ae41ada6482b1e73d208e0cb59ca37ac446
- SSDEEP
  
  6144:TxDpLHyngojOTo5Y+pfy3jBabNIjhfFcauPkqSEaBx5KNWYi17lrsAo:jDSpyo5Y+pqVabW3ca+eKMtsAo
Score

10^/10

formbook b62r discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  wivczschg.exe
- Size
  
  6KB
- MD5
  
  aff04f5ef16ed23b7c7b3a15e5ea644a
- SHA1
  
  ca4639d4d6c7294c03816943c0a29f4bccf943c3
- SHA256
  
  cf56b1b6dde6ae7800d3d1af04c154a5c5c635422cb2417cfc8f29ee665c1359
- SHA512
  
  1954c3e6d5ef261effd9de98d862ed429a1bbe7fc8d9c9b18c43c3da4132991a31006ade1a2c06c5c2449782223cb26d52173c9ac18d849ec26f7d458210773a
- SSDEEP
  
  96:5lWQ9f/sugXgLgegM63L7Os6Edfq/VhB9oPOoynKx:rWQ9iwU/37ibE1wQPOoyn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4