formbook

General

Target

JaffaCakes118_ea6d4fde8ab002c8525d94e4ad415753ac6fc8353dc0aa01c3797085e1d5aad2
Size

1.4MB
Sample

241224-pa7m4swrhv
MD5

dbc7c8fe1d529f7925623fa62524780d
SHA1

9833d7af7afc7f7c70f7d40bb3582f17dbd535d1
SHA256

ea6d4fde8ab002c8525d94e4ad415753ac6fc8353dc0aa01c3797085e1d5aad2
SHA512

749c563f7d270d220b084feed2ea19f516294b0537499a810a4e95cf761734a7ed727a7675ecbaaa02d3b0e032122ef02a5d81621eddf9c53b435703df2894e2
SSDEEP

24576:ZCxhKzCg1vDBKufvyB9hslVsFrD1DxkDQw1:dzNDguHyBTslVsf1kDQg

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

awqu

Decoy

soltwin24horas.com

kaiget.com

majalahlangitan.com

preventable.top

caronandtom.com

2222k06.com

hdrezkart54ff.net

supermessage.xyz

dezeenb.com

bestatakes.xyz

californiasportsbar.com

hxg66.xyz

localxgirl.online

educ-ability.com

b2breferralshop.online

miamicollisioncenter.com

bjcxqcdb.com

barrineauparkbees.com

robotics6.com

web-bastler.com

Targets

- Target
  
  IFETESTEY.scr
- Size
  
  821KB
- MD5
  
  5c65b19c1209c454e3da03f65c50baca
- SHA1
  
  6b4520a5cb2be3bca572570bfce5245463883054
- SHA256
  
  78baa36f2d7dc4a5461fbe4fa0829151bb84361047d4d3cf4adad84308177afd
- SHA512
  
  079c3e95c46dff54ec137cb538bb825e74f19ba2505098cfedd85d08fe1c0b0d87d86740de86b47fd80c1df01e4a030046b4904d7ee5b44f273ad8fb82f8f383
- SSDEEP
  
  24576:ACxhKzCg1vDBKufvyB9hslVsFrD1DxkDQw1:IzNDguHyBTslVsf1kDQg
Score

10^/10

formbook awqu discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2