formbook

General

Target

JaffaCakes118_4bc9b634895368c7fbff430e5fae559d7710bdac7d6cbbf41d37f72bd06d8801
Size

1.2MB
Sample

241224-mcr94avlbx
MD5

05974805fc7f1e8e9ad84c2ebd6307f0
SHA1

448687036231b89faa7502544942b3caae045ac4
SHA256

4bc9b634895368c7fbff430e5fae559d7710bdac7d6cbbf41d37f72bd06d8801
SHA512

991943de4b3058dfa0e21f17f8c11054d3a318c4cde4942daf1302a685a8be9aa6210dfc041196e9d5e581975afa593d28404351e8297150cb59e054ddda03f6
SSDEEP

12288:/AsiJr6HjcETqvMrrSYuQY413gIaENyztD00sxxi0/js:YFlgXTgMKI9Q0NaC0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b26m

Decoy

zmdjsbe.com

fredandbettysdogtreats.com

naaacyjl.xyz

chestermclean.net

hbxemu.com

daniandlaila.com

liantongquan.com

clubdjportugal.online

ambcu.com

clinkssamui4.xyz

oebfcdtwwkdpspq.com

swnlmu.com

asctechagent.com

melhorearotina.online

infohouseti.com

busstoppanicbutton.com

cheyennewindenergy.com

partlee.com

855408.com

beyourownbossbyob.com

Targets

- Target
  
  Quote NoRYU15674.exe
- Size
  
  534KB
- MD5
  
  4f75b9d6f4765318096199de4cc501a6
- SHA1
  
  ca57a26c665ec2b566fbd0c103cf44f6e0102810
- SHA256
  
  3295195cc0beb345e8af43273cbedbfcc631c4498f7a91bb1dfa82bfd1cda67b
- SHA512
  
  7596620eba746ebf0784970c80cf5c3ef563acb70dd0dd8a5762c0690e27eb84e311216924d82de8d28c47d3faec67a2507cb75a217364715fb25d37b7c6eecc
- SSDEEP
  
  12288:GAsiJr6HjcETqvMrrSYuQY413gIaENyztD00sxxi0/js:DFlgXTgMKI9Q0NaC0
Score

10^/10

formbook b26m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2