formbook

General

Target

JaffaCakes118_d35394d358aa37fbd6e6e8e43cd15bdf1fed1d65a35e63a077c10b71ba77f612
Size

456KB
Sample

241224-ln48cstreq
MD5

8d11fc0c0d37abff97007f8cdc99366c
SHA1

6003eb81e6118193827735456064f569fc70cfc7
SHA256

d35394d358aa37fbd6e6e8e43cd15bdf1fed1d65a35e63a077c10b71ba77f612
SHA512

7108979349be257538e5d660e02eba4d5635f762baadb9d538db4b05fa50cc47043316eadb7222eeb5b3336aabfa9c76c0d63ffd5c35eeed8f61f6d61ab2eb57
SSDEEP

12288:Fw3p/HGNZ57EtNxyoQFH1uDPFpYCp5RyVT3QX1Uu:63p/H+Z5QrxyoQfur3yVTMUu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ghgn

Decoy

nongnongqingyi.com

memojav.net

nothingbutallgoods.com

qiubaogu.com

consumeru.net

whitesandretreat.com

protectingtherepublic.com

rkpnews.com

captaincobyscajunseasoning.com

happyfilings.com

mznqa.com

food-truth-app.com

16crystallake.com

theisanitize.com

livefeelinggood.com

skiniences.com

rethgi4.icu

bucky.cloud

massageexchange.club

drshesalipatel.com

Targets

- Target
  
  ae0ac982f4f70afcbbcffe130163b0d07f53eb4850001dc3e40cdc8921ef05f6
- Size
  
  738KB
- MD5
  
  bb1daddaf3592e05e82b0ab73e7ecd11
- SHA1
  
  e50eca290addbe7c13fde7c47f9297a2f4c59815
- SHA256
  
  ae0ac982f4f70afcbbcffe130163b0d07f53eb4850001dc3e40cdc8921ef05f6
- SHA512
  
  d38cf4b618e7a7a10ea4bfe2b44c77bab1986d872c3d611dfd3d40b63ce63f6f51e2d1b431ad31530a74230a42fd410eeae1caf17cc117ed0a2366d045a78adb
- SSDEEP
  
  6144:QyxwvjSY3fhgs3VIH9M7a+KXocVf1OqheTc4wscHLcE89KEaQe5xWwusXjR+C:lEuYPhgPlXJVJeTcRscHwE+reld+C
Score

10^/10

formbook ghgn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2