formbook

General

Target

JaffaCakes118_fa2438aaa59415efd6159ece227f7f57a1f83568f6af6faa4d2e0827e8eb0dab
Size

764KB
Sample

241224-btm6xsxrcp
MD5

eba62a5afbc2cd913fb2f436d78d440b
SHA1

48340e9cf86f335ecc5d806564f51d769eb0df34
SHA256

fa2438aaa59415efd6159ece227f7f57a1f83568f6af6faa4d2e0827e8eb0dab
SHA512

cc145f59d8d55ff490a56d4d442398ad35560ad8d139e6a8406169231569f17ca4314d05f963485a780c57be8ead9f5ef49b0ba5ae22a2594456eb6ce5326433
SSDEEP

12288:MbmpiBDXym+cyqM8OQEpw/nVwKorUs1Ag9CACJ3aZKDOcNA5av+BjgAC7R:MbmpOum+cy+O3EnxorUsXQAKZNA46jgV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr04

Decoy

collegefootballrecruiting.site

charlleysmith.top

go178.xyz

livingintemeculacalifornia.com

polufilm.store

hupfcc.cfd

evoluntest.pics

nunyacandle.com

ciel-de-guss.net

contactparadise.com

parraswap.com

ireret.store

tnvre.site

teatopia.net

friendlyfarmcart.com

juchitronics.com

sensal-jewerly.com

extrashopping.shop

ruby.credit

ruibest.club

Targets

- Target
  
  Payment 18102022 pdf.exe
- Size
  
  703KB
- MD5
  
  eb566da5f09a5de0eaf16a15298a3334
- SHA1
  
  e31fba8a86fa6075628889c28c1eb0a8a30072c6
- SHA256
  
  8e2a59e64796ca70e6b84a15d632ebc5bff7427901b4b1f5ce854505fba40421
- SHA512
  
  2f086333a1365a5dd82d526810a7ad05afc36a8b9cb5b8bd8078bb8a2e5c738e1e9ef778f0ff60c505e8acf70455bd7e5a26a52affff4d0a3261fbc613bc24ae
- SSDEEP
  
  12288:4bmpiBDXym+cyqM8OQEpw/nVwKorUs1Ag9CACJ3aZKDOcNA5av+BjgAC7RX:4bmpOum+cy+O3EnxorUsXQAKZNA46jgF
Score

10^/10

formbook vr04 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  flsfotnhhg.au3
- Size
  
  5KB
- MD5
  
  dc303ae1e97f6b53051e3d0001a3f607
- SHA1
  
  e1a4eb96d39dbc0e16092a98b730f17eeccf0ebf
- SHA256
  
  3602082b3b4bcfb1a35a293677772cbdb390976ffdeca481d497a38eaeb27181
- SHA512
  
  6d221b5aacfc12d5122a748b95445647cf39d48566dc9e7895fbe60d59c18e26673d9c5b11aeebcbd104ab0d1d2785c3aa113cda06b6ec0f9e58124e44e10a39
- SSDEEP
  
  48:/FfjfTsofTLfrfGfNIfU5f3M/APCMeMXMeMXMeMUFMeMCFjFfMeMXMeMS:dr1njO+g6Vho
Score

1^/10
behavioral3 behavioral4
- Target
  
  xrknt.exe
- Size
  
  925KB
- MD5
  
  0adb9b817f1df7807576c2d7068dd931
- SHA1
  
  4a1b94a9a5113106f40cd8ea724703734d15f118
- SHA256
  
  98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b
- SHA512
  
  883aa88f2dba4214bb534fbdaf69712127357a3d0f5666667525db3c1fa351598f067068dfc9e7c7a45fed4248d7dca729ba4f75764341e47048429f9ca8846a
- SSDEEP
  
  24576:fYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaCB+l:f37+KSbq5e1diEnHaCK
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6