formbook

General

Target

JaffaCakes118_dda79b7eae203d42ffe33ba36a72b7cb6fb438b3839d02de0a923dbd1b921863
Size

480KB
Sample

241224-lezxaatndz
MD5

e34eeb3fa0ffa3d91ef8cdeb1589f971
SHA1

9434a509411688cb715d99ad96e15a2745329d6c
SHA256

dda79b7eae203d42ffe33ba36a72b7cb6fb438b3839d02de0a923dbd1b921863
SHA512

341182a6c20bc3d872c9682192b8da36641f38018d52176f46455768f23de208c1e5c56c320c65a9c8f2c2edd2a0c559ed7a991b707eebaf60114b9e09131316
SSDEEP

12288:xM4Kc8LzsGxnSRvsrEL0oK7xEdIf1+c+pkKxOx1F:xkzLYGxnEfL0qd21+fpdxON

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cxs

Decoy

padronadominante.com

comparativeadvantage0.com

city60work.site

sewardtaxiservices.com

discipleteam.com

davicostone.net

dein-novoline.com

zahnaerzte-ungarn.com

kulakslastmaras.com

ctmm.digital

texasbriefing.com

andreaswidowitz.com

qygmuakhx.club

10002.com

darseke.com

saneindia.com

sheamourintimates.com

7keymusicgroup.com

heikeheitmann.com

gmtransports.com

Targets

- Target
  
  Scan 14102020 Pdf.bin
- Size
  
  842KB
- MD5
  
  ceb2a8890994def6229b5945b1a02698
- SHA1
  
  bf6413ba7cdb1173c57f81a306bb8c1f8f8a435c
- SHA256
  
  fe65fa62aa5faae469d713048c41171a0bb4546e2fd3862fcdadc38ddfb5ac35
- SHA512
  
  35897bbda670bb577754286e7f37223297d4428401638319640610b85b6a37e73c068862d638d296d2b91f79366e7ed913eea652243eaf500f72b9dc0fef86e8
- SSDEEP
  
  12288:uywTFD6r91Yk/yHVMSVBltzbGmbaLd7OzlpUFN55ywJLxK/SWpqpAEuIU/1v:kgp1Yk2MEltHfGLdefUJ5BLrnTU/1
Score

10^/10

formbook cxs discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2