formbook

General

Target

JaffaCakes118_7f18372c0442afdf8d7929f1ab4c5e02ae0f83e1419dcde5867b4f440373bd7f
Size

509KB
Sample

241224-agxddswkhz
MD5

e35702d2faafb62e5674d7e18d678c4a
SHA1

a7fea97fd60c0b0a434c1b39a0bdc7a7bd2cd885
SHA256

7f18372c0442afdf8d7929f1ab4c5e02ae0f83e1419dcde5867b4f440373bd7f
SHA512

92967b8df8d6500b25975f55964f839cb0e8c06c4acc724cfcad5670332d72d4a7eced4c32eeb9c529fed43134914e30185a7f7854242b37187fbf54701d5527
SSDEEP

12288:Urvuo6Uq48Rl5AvtXMPlJEkMTMc7aIDinbud4nxr9XLGC:uGo6UR8dAvt8PlJEZMc7aIunSd4xrFLt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

njo

Decoy

thehungryaperture.com

vincemceveety.com

thebuildingmgr.com

babaobox.com

qykrot.site

wald-pack.com

yeasuc.com

toplevelsealcoating.net

seebeec.com

williamsburgcelebrates.com

bons-sites-web.com

rnlasermedspasolutions.com

tercerintento.com

oliloudalmatians.com

pj-kingdom.com

karen-elmir.com

wellhealthfamilymed.com

learningjourneytx.com

calmyourmidnight.com

nextuptechs.com

Targets

- Target
  
  3dad99752800d2418553870b6e932c66
- Size
  
  793KB
- MD5
  
  3dad99752800d2418553870b6e932c66
- SHA1
  
  2ced778734d015bb2c974adeab24e5e315f848a8
- SHA256
  
  92f656d44d38fbc5e7964e36634bf95d18e157228624d1b38ea933633579ddc4
- SHA512
  
  f4479e41b6790cb2254cf6d0b20d10d9500f5d27ae616ce7fe88185dff28b3bfccd2a512cd0c699c24defa8f6e19992132d50007ad1e5b319731219628a29a2a
- SSDEEP
  
  12288:FE6pc7/py8+9phJ9JnvMHYRNduSzk53+XkdtqaXL+Y6vh9GMl6EJJ:K/py8SVnvM4XNkaAuYsJ
Score

10^/10

formbook njo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2