formbook

General

Target

JaffaCakes118_30fc1041b3c56d616a7e19750bf513a80578167a45d6e0ff359fa6b6c31c50c7
Size

347KB
Sample

241224-mrr8msvpbz
MD5

1f902fd086c25392ab5b3b99520c3132
SHA1

41f3f7c0c5dcc531f4f2b4107c5a92c309277a2a
SHA256

30fc1041b3c56d616a7e19750bf513a80578167a45d6e0ff359fa6b6c31c50c7
SHA512

533cdec3c7b7b50ef42341da4df27585085aeeeecd0245a2e7ea6c4208270e46194a01f5290f819177204d6cfa7c2f809ae63d1385df023aa4f177a0ee5da836
SSDEEP

6144:kWxAlzz5l78a5sG5+B9LOUQKXry1S4KEwxtNWXtyJlUHINhrA4W0juCzVk4k:dAlzAa5/+BNS7S3xmtyzqQxDW0pzS4k

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s11o

Decoy

xrayagitate.site

mirchana.com

ucdaloi.com

mdjzw.xyz

palladiumroyal.com

mrpipewell.site

besar-nih.com

hempfoodeurope.com

newsletter.chat

lgkfs.xyz

didaftik.com

krediburada.xyz

anzu76.com

olafskin.com

mijnlidmaatschap-anwb-nl.xyz

brazilcocktailbar.com

mcgavrin.com

136232.com

omicronvirusnews.com

spanishwithkurt.com

Targets

- Target
  
  70849a1efa87c9363c62cdd0ca1ac5db34e13ae1e6803f5bcf4be9660b487156
- Size
  
  358KB
- MD5
  
  7e9e3aeebbafdb0a1fa065ee5ad217ec
- SHA1
  
  6064e1dbc3129e3f69e701946d54191b42eb6a92
- SHA256
  
  70849a1efa87c9363c62cdd0ca1ac5db34e13ae1e6803f5bcf4be9660b487156
- SHA512
  
  27fb97317d7484c3c770eb5073b682a76dd76bcb93c3475c979e0d7bf781f7d7de71a51761ea9ee239e53a2d39ad1e986cdc9efa22389934088daef3dec70d33
- SSDEEP
  
  6144:rGiF3GRJUnjyWkqKwmT20Wv60Dir1SNuaeTUqUPcLPTS43RIWi1ov2+fmIN5UgK:h3OJMLk5tESVTU8DTS43R4ovPfmWu
Score

10^/10

formbook s11o discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/orcyebry.dll
- Size
  
  175KB
- MD5
  
  3b4056f9ef87716b0e0ed45da70d258f
- SHA1
  
  59efd5883fee51f07066e92753be09454444da62
- SHA256
  
  a9b13e44fc7a247368e980cf20889619100caad4387662b639923eda30bcf9b9
- SHA512
  
  accbe50cc40caf0b4b2d0569b67fbcaa64edf35a68104e23e7d941be7ccf2548ae9d1e9b4b271caff0f828220055f50f9176c9eed0871a1c056f6e7cc1d8a04d
- SSDEEP
  
  3072:Kjv/DLvAkNjGyy0M+zFsrOhH/7rsYVI6yzVwU2gcw8BZDptiwJn6RUJ7h+Bk4:KjfvAkFGy7gEf/ItWLpwsptiC6WJ7h+x
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4