formbook

General

Target

JaffaCakes118_f102a9c9ef0ebbe9dbdde39b99beef77e6653cb2c1179def09981c506b23f20b
Size

940KB
Sample

241224-qprqwaykft
MD5

7d4a404601e4ee4aa18068126d0175d8
SHA1

c906ae42315460d282e9bfd5367a39864a886039
SHA256

f102a9c9ef0ebbe9dbdde39b99beef77e6653cb2c1179def09981c506b23f20b
SHA512

33b56a8e84993e96b7b2f4e7d688839ccdf412439fe6701a3a626e846cf74173919163dac6a54c076aba2f6a538853e705e2e7f032973ff12ae4cc15c45cf3c2
SSDEEP

12288:WZ4+w7pP9v7M/UzcS8chIJniNFxeaUE5XF4Hgt6QPTgUfhxBcUjJD9DVTD/oPkHb:ICpPF7Q5SxMWr5V4U/ssrjJHlV1wEV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s0s2

Decoy

stripe-forecast.com

perfectingnextstage.com

primarole.com

nonnydesigns.com

wordsofweightandlevity.com

mafleursam.com

hardwarepicker.tech

minex-intl.com

thenextbigtech.net

rabeproject.com

sticktogracestudio.com

releve.space

readoku.net

carings.net

nasdaq-ex.store

au-techng.com

thethoughtgenius.com

how-to-learn-languages.net

kitabisabelanja.com

awndka.xyz

Targets

- Target
  
  scrss.bin
- Size
  
  2.1MB
- MD5
  
  13a0b0388851bb224b5a71b9ad3bad48
- SHA1
  
  297372dc285474cf8f587c0673ff5638c982e4f0
- SHA256
  
  b062a9d743bcc3af9728b50385318d53924a65ad2defffae0ff625b6300280d1
- SHA512
  
  c235917d46d9c5c7ea4af374966eb98151ec753711f620af3295b3ec9ccf835f2946deede7fd5c7a68d2b2b13829f21fb2646aca1be399a7de1c78416aee8290
- SSDEEP
  
  24576:GM5ixeMI2troHK6vQssZJ/BeVIdB4Eg54uZG9q8QKXxOLXxDTUHVM38Q:B5yeMISavQs8peV6JQuM/zxaVM/
Score

10^/10

formbook s0s2 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2