formbook

General

Target

JaffaCakes118_c9549188a883c695f762d2af10e33868ce431ab96537bde6e81824364f5d4f89
Size

229KB
Sample

241224-rlsdnsyrdw
MD5

1dffb102a0db860c6d7aac23bacb381b
SHA1

72f489184213df3eb8b9996e4503658f3f861373
SHA256

c9549188a883c695f762d2af10e33868ce431ab96537bde6e81824364f5d4f89
SHA512

7a74c4ee2a9035be3b2ff4750de86380033e0badf1effdf99da7784cb0718b28d9a1e40786a57f30e406e0b20c59c0b84b1688dc5d8a1b4e07faca7d2da25ddf
SSDEEP

6144:BGZu/Kw8ioBr4AsyJrxMLnGIgIdBnBOtZ1TMQq:Bj//8ioaAJlxMRgIdWNMh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sl12

Decoy

monsore-records.com

discoverthis.world

ishop-brasil.com

foxeshaveholesintl.com

currenteitherknowledge.xyz

haaph.com

leggacyfarm.com

theaudiobookdb.net

ungerstahlbaubrehna.com

cliphindi.com

thht86.com

b4d5h0t.com

yashentcbsmall.com

ltcibenefits.com

allwaystravelservice.com

1gethear.com

elstery.com

buyervalet.com

snowyrangecpa.com

bshuan.icu

Targets

- Target
  
  S12GF803.exe
- Size
  
  252KB
- MD5
  
  6aeeb261a692fa9e104320c7247968ef
- SHA1
  
  96c1ef5d7f32c4701557aba801ddf192f19c163f
- SHA256
  
  4f6f954d067f1af2bf8caca9e7ea103d8dbfb7507514847b999328e108b456af
- SHA512
  
  04f189b93c29424f4c840484f19beefaf831952e62b47bc3f03699a9bf084990862638432371d029babcbe7d437f7ae6f91a166fc1b377932ab2d24a1f974bbb
- SSDEEP
  
  3072:/Nyah0mJh4IKLAtHeekOLYkX2Y5hpwdYfBiZVekqdz2wB1EcbTVdEuCPxbS3G549:/waqMYkmY57wdNZVLcqw8cbzP/F9
Score

10^/10

formbook sl12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gtrvk.dll
- Size
  
  5KB
- MD5
  
  3627e0a769af64650e5ce46db6bb0532
- SHA1
  
  e203eaa9b1ad5d324af6696f5d1a62cd58e3513a
- SHA256
  
  a5699137065d3f0f5a26372a17eecc76905599435d866608f10c38760eb43e52
- SHA512
  
  044cb6198c848e4edd870fc9a5647e6a4644753986f2557da0babb0c9004ca14031b93c4db92d84754a297619bb87bdb6f847a3887c037180df4603583b908d1
- SSDEEP
  
  96:q6nmydg7sZIu+kYVz2LIu+3PSehGfZSfl59CC:B1dvIH+I+e6AfR
Score

10^/10

formbook sl12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4