formbook

General

Target

JaffaCakes118_6a02b032ec9f2ab8fd607270afb20b06143ad445d32fb2e3eb1ebf1fbccef951
Size

336KB
Sample

241224-ckb8qsyqbm
MD5

7faec042ead4a8402e9097c35bc88a74
SHA1

6040d26db1804db01d3b2687f12ad21fd07068a1
SHA256

6a02b032ec9f2ab8fd607270afb20b06143ad445d32fb2e3eb1ebf1fbccef951
SHA512

da39bef06777e105edacb242f69dc2e8fb30097b32a436c1858dee34d9ba964c67f744d21eca1cc58297b88c61c6f5d6358bf68d0fa09d44784abb57c4958208
SSDEEP

6144:rGiPsaxUSMQAvIm9mebmLojolPgznVVYGWSarT8HzIn:waxW99DZo9gbArT8Hz4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h2b0

Decoy

coastmortgageloans.com

sejt.xyz

krisandmeigeni.com

personalbias.com

cubana-pablo.com

nipahvax.com

cxyzjsrc.com

trttanks.com

yoko-by.com

sbyidn.net

metainstagram.faith

katsuyatoken.com

trustminingfx.trade

xsightvideos.online

localemergencies.com

2ab0.com

idahofloat.com

ourdogdream.com

thebestmediaguy.com

forthesaltysouls.com

Targets

- Target
  
  JaffaCakes118_6a02b032ec9f2ab8fd607270afb20b06143ad445d32fb2e3eb1ebf1fbccef951
- Size
  
  336KB
- MD5
  
  7faec042ead4a8402e9097c35bc88a74
- SHA1
  
  6040d26db1804db01d3b2687f12ad21fd07068a1
- SHA256
  
  6a02b032ec9f2ab8fd607270afb20b06143ad445d32fb2e3eb1ebf1fbccef951
- SHA512
  
  da39bef06777e105edacb242f69dc2e8fb30097b32a436c1858dee34d9ba964c67f744d21eca1cc58297b88c61c6f5d6358bf68d0fa09d44784abb57c4958208
- SSDEEP
  
  6144:rGiPsaxUSMQAvIm9mebmLojolPgznVVYGWSarT8HzIn:waxW99DZo9gbArT8Hz4
Score

10^/10

formbook h2b0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/cwhxmitph.dll
- Size
  
  178KB
- MD5
  
  e168e018ae7b50b12ccbf621f92a8d80
- SHA1
  
  f58c9aca0a2d1f9598fab015124ce3b7b90b973e
- SHA256
  
  b13b4eef285efc06e845504a1daec9949d4182c34a9a1737e65c87eba4b04a7a
- SHA512
  
  8e4e3b74f4ce9b2a4569d291c23763c3785f3582c199c3be75f462cc4cc01733b287161310733d5cf8c6301cfe25bbc28ebefacb4b944d6acb19fd2f04219111
- SSDEEP
  
  3072:L5qpSYH/rb0G1zCObTntqxM5p4mLZAR8fWzP:6HeOHntqxM5Sm/QP
Score

10^/10

formbook h2b0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4