formbook

General

Target

JaffaCakes118_152a48809e8fdbf56fdcd03fe152fd95cd73bb3d0a8e396b4366efe7e7d18314
Size

228KB
Sample

241224-dpnm1a1kbq
MD5

111932c60ef225e5621e602290f0a803
SHA1

147d335b14b14de42eef2b6525cae941848b26ed
SHA256

152a48809e8fdbf56fdcd03fe152fd95cd73bb3d0a8e396b4366efe7e7d18314
SHA512

d879f1028f31885581c4217fa1ecd77423dcfeee2461f90f164837c887b44f589a69cd1e6df61179de7bb93f25501c14dbe23b170e912d7654b6abaf979e5d2d
SSDEEP

6144:yNYkabIcMbd7cGdbPijk2j1nFLc6a/WlvgEd96lXfmopqE8Me:KYkBZdbxUutel/efrpEMe

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

uer0

Decoy

bonds101.com

lyotrust.com

can-amchainseurope.com

mysoulcure.com

hometownsmut.com

cxpzhy.site

hjklrmn.xyz

bsdminingservice.com

mockpacket.com

standwithkam.com

yxbdj.com

soulseedz.com

whxldjt.com

ruayhunhangseng.com

benefitcrystal.info

rahalake.com

cryptnex.com

comicslighthouse.com

ridenwithbiden.net

samsunbilsem.com

Targets

- Target
  
  INVOICE.exe
- Size
  
  240KB
- MD5
  
  98901aff995d92677cf637b241ae9a9b
- SHA1
  
  6dac1968c4a9ae4bf26f7fd38efb721fcf7d05dc
- SHA256
  
  fb6e849cd3af7e8b0c8143397e62a595a42abbfbbac81f2cdd0b2cb4d18ea543
- SHA512
  
  e969e941f176c67d1be598ac56882048fb2fc401e5a582b9f2314f09738d6b8768522ba5f67d8c80c260f1169ac103b8972084611a23ea9467c513f03ca9d883
- SSDEEP
  
  6144:Ds9q5ND7xrAX/6ccjpGYZ/T12D2TLV47VVgLP3CATNTLzcocuk:ySD9rAXCccjN/T1TRXbtcuk
Score

10^/10

formbook uer0 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4