formbook

General

Target

JaffaCakes118_08b37186bf5900314ff26172bfc0f2ff35a2f61ec2bd1be1e2c7031af9bf5358
Size

854KB
Sample

241224-s7v75a1kfv
MD5

5fbce37a34ef2077e44daa6a82f6d361
SHA1

ea1033d23f1b3678f0ee57c0b1e00dce947c5286
SHA256

08b37186bf5900314ff26172bfc0f2ff35a2f61ec2bd1be1e2c7031af9bf5358
SHA512

8f9ec9d28dcdc079c24a59f35eee7ad6956fcc105386ee5957d3530283bc50dc07d4e368b5e906bf9e67c9d91a4e60d851c2969dacde49b19d597b0608e44938
SSDEEP

24576:jbi+SHAFxwhOruEqLtXos5HmIlZbeVk6/qY:jbi+gK/nqLtpjeqQqY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

su4h

Decoy

dopestartalentsearch.com

xeneln.info

jan-stollenwerk.com

footjet.com

globfun.com

drygoodsnola.com

cartayamedpsy.net

morganamelia.com

renoportapotty.com

cybertrucksclub.com

sl367.com

bandwagonpresents.com

npaczambia.com

infocom.management

gm0451.com

coloring-page.info

jibkokmaket.com

stickynoteplot.com

remonmikan.com

mcalweeimports.com

Targets

- Target
  
  742dddbb8dfa6ac7125c8f7de7197163c111ee6d8f1ff4ff0382db223c8461a8
- Size
  
  1.1MB
- MD5
  
  c078c87514cfd7cae5d932325fad4625
- SHA1
  
  40ff7130fe87f96a133f41aea4eb9ff75be6a5dd
- SHA256
  
  742dddbb8dfa6ac7125c8f7de7197163c111ee6d8f1ff4ff0382db223c8461a8
- SHA512
  
  355f0badda14c4fa19fddf3419dc7994fb08c45f3657cdf7a7e208005c6c26b2f01f0df85031148e01031a32e6ae1ca1b76658e7b69b293670293bc2757c2e15
- SSDEEP
  
  24576:gMTzqeqLpLGq1hhh2czxF8Uo8J6Iti5lcIIoIhI:1TzqDDr24oUt6Iti5lcIIoIhI
Score

10^/10

formbook su4h discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2