formbook

General

Target

JaffaCakes118_b1c436a46f8d07d3624ddff94346d38ff0349fd55c9eef4be0185a61b840b491
Size

929KB
Sample

241224-sbpqgazpdq
MD5

5169a66e103b9ae847af49ecf8efb193
SHA1

44e891e64c62e6109f2b33c15a077b5c35214a1b
SHA256

b1c436a46f8d07d3624ddff94346d38ff0349fd55c9eef4be0185a61b840b491
SHA512

b628c682ce36a196f085d972043343ef164c680a0baa1198ff88f5c38010e25c79466d76698caa5238ab307d0fed45938f6a851ecf1320d562326032179bbfa3
SSDEEP

24576:asyK6fzapeIn3KUWcNz5HCgni/16cCDmg3:asyK6fzape86UtRCQi/16f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g9s4

Decoy

visitmechanic.com

xn--kck4a7gpd474vx6i.com

prozdorovie.online

omatpupa.xyz

zamokwakhekhumalo.com

mayuraandchris.com

wanasahstore.com

bicicletas.win

yhdm61.com

mortgageattract.com

centuryofbio.com

xtdkgjt.com

nhahangnetnghe.com

whatsappsemcontato.com

onlinemarketing-teamwebus.com

zuevu.com

dancaronmusic.com

tingseo.com

uniflapline.com

setuppharmaweb.online

Targets

- Target
  
  JaffaCakes118_b1c436a46f8d07d3624ddff94346d38ff0349fd55c9eef4be0185a61b840b491
- Size
  
  929KB
- MD5
  
  5169a66e103b9ae847af49ecf8efb193
- SHA1
  
  44e891e64c62e6109f2b33c15a077b5c35214a1b
- SHA256
  
  b1c436a46f8d07d3624ddff94346d38ff0349fd55c9eef4be0185a61b840b491
- SHA512
  
  b628c682ce36a196f085d972043343ef164c680a0baa1198ff88f5c38010e25c79466d76698caa5238ab307d0fed45938f6a851ecf1320d562326032179bbfa3
- SSDEEP
  
  24576:asyK6fzapeIn3KUWcNz5HCgni/16cCDmg3:asyK6fzape86UtRCQi/16f
Score

10^/10

formbook g9s4 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2