formbook

General

Target

JaffaCakes118_7e8e800eb23602914391d8a6fa4e185073708b243f32ae713e790460e366180f
Size

231KB
Sample

241224-nnnayswqem
MD5

b730fa6c17b1746f949e467c4414cd5b
SHA1

0e52591784bd6dc57d8e4eb5573edbbc3c61d35f
SHA256

7e8e800eb23602914391d8a6fa4e185073708b243f32ae713e790460e366180f
SHA512

2036232d926ffef42ffcc3908b140dd2950543e8b318c5b766d4d4369f9f43f31ce9f620ce1d478e98ef7b06a1acf119f7701c99b91a0323e18a6d3b8a171836
SSDEEP

6144:QtDZ4D4XFUR4+N7SiVQZT2QgBqwYUIXrJ/oLoGqM/VtXKa3q:QtVwoCjtSiiZa6UIXZFuP6f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk2s

Decoy

smartchoice.education

sofiaalva.com

angiepologie.com

ohiocommunitynewsnetwork.com

bloodsweatnskills.com

creaturescreate.com

futureadb.com

aimuseums.com

freetimecleaningservices.com

melissadishes.com

xn--tr-trkiye-t9a.com

uxlunexpectedlawyer.com

vinh-heritage.net

cyberzenith.com

zhaigoo.com

flirt-girls.icu

bestivfcenterpune.com

oxbstwnm.icu

chocolatejerky.com

onshore-energy.com

Targets

- Target
  
  file.exe
- Size
  
  245KB
- MD5
  
  b3dde83063baaefdf29069d8ae56586c
- SHA1
  
  a46e93859fc21ed36bc527441ea3abe5e72511f2
- SHA256
  
  881801925309c53cb0b35b81e01deb696f687753c68832d3b852c3825e9192e2
- SHA512
  
  89a6be5ac8c7e3291c3008c755a8babd827b0d8aa689625811977a660a93693ef6f782565be588866efc16bf8bffbf595987c4391d4ce33a0a9c93a5a83656bd
- SSDEEP
  
  6144:MTqjFaFHPGJiJhGXpHHiI5vLsow/4gbQOECWImPF:MfFHPG0GXpiIdLK/4AQOELhPF
Score

10^/10

formbook bk2s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4