formbook

General

Target

JaffaCakes118_380fd2dfe4b7be679e6eeca9c648e2f381a7f20b4640eaf2224d8e5ff0509172
Size

536KB
Sample

241224-n4jygaxkdr
MD5

2a877e638ca79ae9bb3e0a232a0e797e
SHA1

843f3771d1cd061fd979359cc473de7819089287
SHA256

380fd2dfe4b7be679e6eeca9c648e2f381a7f20b4640eaf2224d8e5ff0509172
SHA512

a09dadad346a1f49d734f4da8713d2b4aa9120fde52bd23457590ccd4db0a2dacb18f4efdc1966fc640236afd6d1ec120b78edaf2184e9833f50be372765c0f2
SSDEEP

12288:bmiKyMxtGguU/I5puTsELTmuCpVeR0LGCMXZLGI4IX:yiK7sguz5puoqmuCHY0wL5jX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pna

Decoy

responsibleson.com

crown-friendly.info

cyberwastemanagement.com

broncoscards.com

artwithjessica.com

present-motherhood.com

alarmaantiokupacion.com

bluecollarjim.com

sneguard.com

digitalsept.com

terrycareerconsulting.com

watch-lover.site

funkytees.kiwi

xn--f1adbavc.online

hitchlove.com

elmejorsetup.com

koc14338.com

obruchalnye-kolca.com

zambezia-promo.info

mataangin.net

Targets

- Target
  
  Request for quotation- Enquiry No55.exe
- Size
  
  696KB
- MD5
  
  fc9af02d076b78651a901d8fdec5a0f9
- SHA1
  
  aba47907f5717185cb4caf13aa5e7a4ca2bf003e
- SHA256
  
  e6d2c97461c6aac9ea130eaa96f9927b57998c04b5e7573a555caa729178a70c
- SHA512
  
  4b202232e9a127d31cc56e47b01f43c0a4925b2da62a33fcdac7c23daecd85d82af33bce391f2dbaf5b847271d9c5ecd7ec6602575d39946ad61c6027d8bf6b8
- SSDEEP
  
  12288:7Ke0fsk2iNwRL1ROZ+NU/SbJKT1hxhH3c4STBmZNvAjAGM6Dn5pDbXteGm6t:74F1Su+ewJixoTBmZAK6Dn3nm
Score

10^/10

formbook pna discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2