formbook | 99a840d4975556606c5c996a4b939ab0351a7a1839109433d0d8c4c5ac2be75e | Triage

Sharing

General

Target

JaffaCakes118_99a840d4975556606c5c996a4b939ab0351a7a1839109433d0d8c4c5ac2be75e
Size

235KB
Sample

241224-t78nwssmbn
MD5

33a2f7425a638aa6269f242dacd4fad9
SHA1

a5e3e3ab1b584d4bff95769da8252ab1ffefaf74
SHA256

99a840d4975556606c5c996a4b939ab0351a7a1839109433d0d8c4c5ac2be75e
SHA512

01739e73bf96587dd2c0485fb56f8f9a98b9c2bf478d6f4aa37ba7b9972a0428b4822459c3b0938ca1da364f81f6ae6c8b909cca3b3de124c81384d6a44ebabf
SSDEEP

6144:HOljOI4m+BvZZFf+ZxYka6mWKXEzZTQsJIVFvWk3R3f2KKSElmZrnd:H2qI4rNbFuxzt9ZTQWcFvWk3R5KY5

Score

10^/10

formbook u2s7 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u2s7

Decoy

mixso.site

rlagnin.com

imini.top

grapejulius.com

pkcomputer.online

surepolka.com

petahansen.com

rodriguezlawncare.net

oscartheelearning.ninja

gcubaang.top

learnserver.site

weddinginthehamptons.com

doctorverma.online

epicsx.com

signmole.shop

storetrade.store

htlenderschampionship.com

tigerexch-official.net

momentum6labs.com

safetyconsultants.sydney

Targets

- Target
  
  PO__63537353636___IME JPEG.exe
- Size
  
  247KB
- MD5
  
  ea63eb54dfdd8f74262614563048a01b
- SHA1
  
  7ea1cc47710b4c399fac4cb9152b42fed5ec7f59
- SHA256
  
  3ffe776b0fc18193afce55f3502e1c895f7a10d3b01604f9953a1beb72be97fc
- SHA512
  
  acd89deb5f8d3299c5801f67149bb5bb70a6388c9939d1bb1fb4bd3aeda5704afc9b85db7b2d993f59e14340ea74339f7d806f1ae885db3745aef2a5a9c4b5a2
- SSDEEP
  
  6144:DQuqHcCDhh++6Cn6lun/ur4oCXQk4OvbqRK7P0+Ar7:kBHcCDhY1CGu/E4oCXQmzqRa0+s7
Score

10^/10

formbook u2s7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooku2s7discoveryratspywarestealertrojan

behavioral2

formbooku2s7discoveryratspywarestealertrojan