formbook

General

Target

JaffaCakes118_e0e11ce8bf86f5cd9900d04a5d390acd8370003735d89cf716057f898c85ba39
Size

1.1MB
Sample

241224-bvhylaxreq
MD5

c371f8dfb53e2023fd397202634d692c
SHA1

4c2ae13624f822116ca31450881048d5b6c8ef7f
SHA256

e0e11ce8bf86f5cd9900d04a5d390acd8370003735d89cf716057f898c85ba39
SHA512

f1eab50ec1022617cc4344472ac81c7e8a081ead5b2eeb2ac04796216786e02ff217be4d3d3d70fb9b8dac6fcec5ce6173862526c638ce4ac7a6b63df9cfc853
SSDEEP

24576:KXs/BH98/ZTYWLaxuj3gfbsfsbRDz1YzJpux3fo43BHWx8m8c:KXs/BaREWsudARDpqw3lsn7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  textttr4809.exe
- Size
  
  1.2MB
- MD5
  
  6a85b6fadb20c016b98e8ba0fcdfcc44
- SHA1
  
  c5c423ccfd6539ba04f56221bbb79c83baa93be4
- SHA256
  
  b4855381993299ec39524043aa7f8898a4fe64524ab943bc1db297f62c181824
- SHA512
  
  3e5827593da1dd78df4776ddc35f519791ea45ffa6d6d371b6b531ca4b0a030b2d8c296e093488beda886ad652e281c32f7aa830d57523730287c53621327e5a
- SSDEEP
  
  24576:0AOcZ2i7uyaiDbX1Z0JsyNVaCpaQj5HUSIOg0+MkYGEy:igDbX1asyiCcw5HPnS
Score

10^/10

formbook t01w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2