formbook

General

Target

JaffaCakes118_bf6513dbe99d57322fde95916e2955faf9a3f83803aff2558903023d53882fc2
Size

299KB
Sample

241224-mwkdlavqc1
MD5

f728e124c027fedf1ac56938fe07555a
SHA1

b4f4e4e5539700c80f1b3dc704e00e109873a236
SHA256

bf6513dbe99d57322fde95916e2955faf9a3f83803aff2558903023d53882fc2
SHA512

6436e882c2937e79bad37b97d041d363758f150a5dafa252d95acc512ac112284e5754d9a096acb719184966b1be18913298f85198dc29d4832c0cea16a48c04
SSDEEP

6144:mnzhaNN6rX7aUW+LPvi7wT44wyZTvYvbog6Kfwq+TAr9:mNa+rL1WGv4wHwyZjYjJWBy

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rwo

Decoy

byyter.com

getintimacy.com

toptenvapes.com

coinbaxie.com

fiebluw.info

doerwang.site

795809.com

cuttingquarters.com

loveinspiredtees.com

504oysters.com

laboratoryinterior.com

techguybrian.com

twsexy2mm.com

photocatalystproducts.com

frankfoster.mobi

busingasim.com

cardanoapp.store

fhstzy.com

sanctuarytherapycenter.com

ctc-fra.com

Targets

- Target
  
  quotation inqury.bin
- Size
  
  629KB
- MD5
  
  fd9b04760439ae4dbe36397690b42380
- SHA1
  
  5dc6d63ef88a09d219444a902b99100c2b0e26be
- SHA256
  
  15e41f9b684c8df81ae0c2d5d68a036cdf20593fd72d0c7200c2da474a813f30
- SHA512
  
  c0aec2a570b5c80da005c113a7e9762bbbfec177ff1473648375c4425e46ded5cb66aff20f2b14f14f84957602add948adc5e9f28027a73704aa8dad1cb76807
- SSDEEP
  
  6144:TOnJca2zaKjDtzIiYWOcMQF1Nej+zXtUw3YFlv/Dk9C+rYW:TqiqKjFBHXNeiT2nqt
Score

10^/10

formbook rwo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2