formbook

General

Target

JaffaCakes118_bac8256dbb540a1919ad6fcdc6d071d89cce7a7ce8041f612049644967f47a12
Size

734KB
Sample

241224-bcnq5axlgj
MD5

04a11ff56ce693168834ba29bef93b2b
SHA1

2067ddb136ae77cc25a2f055c3d945d0a6e9a1ac
SHA256

bac8256dbb540a1919ad6fcdc6d071d89cce7a7ce8041f612049644967f47a12
SHA512

02f6a538297ab1b5c4a5802b0feaae944a35f67850d00c8b8bd25c717df07fb4a2ca07ea0335c035c8a4f6b115cebdae9c0572ba06773f0f9f311069fa69402c
SSDEEP

12288:JF5QkJecOuNPel0EI+TCV8se7DEs5CSt20MXmMU4pJy:JJQcOuhex+A7DEEvt20M2f2I

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b3n1

Decoy

alexandragrows.com

shellload.com

stanleyrorke.com

glasurit.us

facebookismetaverse.com

astoundingaffairs.com

facom.us

dysonsaleoutlet.us

obtengaunitedhealthcare.com

sebastianroofrepairs.com

saltvent.com

littleonesclub.com

webamazoncardshopmail.xyz

lutam.xyz

myfirstpsgame.com

comline.cloud

valueinsightfororacle.com

congregacionansestral.com.co

paypal-uk.xyz

facebookversuzmeta.com

Targets

- Target
  
  ScanPMT.exe
- Size
  
  593KB
- MD5
  
  455769c893c56ea88021417a63a0f9ad
- SHA1
  
  0f0bcec8e151f30db07620da3573e6202bf6bb08
- SHA256
  
  77901588d513788e7bba467897bd688367197dfe4bdace3bf762ff1de24db3a3
- SHA512
  
  6098243876ef9f960d60f0e6b2c6e5ff0e848fd89f532f67b62b69cb487e44947a1ac1feb9d84df6847f13344afa1c892e67bc89e4916896f48a8f06191fd78c
- SSDEEP
  
  12288:/5QkJecOuNPel0EI+TCV8se7DEs5CSt20MXmMU4pJym:zQcOuhex+A7DEEvt20M2f2Im
Score

10^/10

formbook b3n1 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ohbpyoj.dll
- Size
  
  339KB
- MD5
  
  f4d79c46904300d09db5984132baf59c
- SHA1
  
  0d7f273647a202126ce60d81c4fcccd8d3481231
- SHA256
  
  d0caae610e4e945c5bbd52613d7ef2eeb9aa9fd58f731dae92da9a0feb617b0c
- SHA512
  
  4276b9abd57ab926e326fb1939fb37ceef2219cb1e2bc5f3ea7091b3d2ea9600a2e18ad1eeb79d568a77294803cbab66ac8d4fd5413b200dbdbe8138114485ed
- SSDEEP
  
  6144:T7fbo4suTTOpTMRsgfLjdd1MtItAmocJ1Ljl9NGkN4pPY:T/o4sJp70xdCqtAuBzNGi4pP
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4