formbook

General

Target

JaffaCakes118_2f5b7954f66cdc0b94dd0ee4413b8a05a46c753bf4709fa9d3fb3914fe4254d9
Size

231KB
Sample

241224-tc4rfs1lhv
MD5

b9dfc51b5de83acb0142212b2400647a
SHA1

96709b314f5510bea071e8b08a02ded347d873f3
SHA256

2f5b7954f66cdc0b94dd0ee4413b8a05a46c753bf4709fa9d3fb3914fe4254d9
SHA512

8164e7dbf7fb44f03c2ad886a97e29317d95fd039b17efb992d95fe9717036b614794670a57ca23d1df23fe098de0b9ad0dd3278cf2c9339d9ec847d90026e44
SSDEEP

6144:9Aw+/inU9LvvT9HmBOg6wT/fZLaQl00Iddiv:2b/CU9LvvpGBOgFTVVSldC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk2s

Decoy

smartchoice.education

sofiaalva.com

angiepologie.com

ohiocommunitynewsnetwork.com

bloodsweatnskills.com

creaturescreate.com

futureadb.com

aimuseums.com

freetimecleaningservices.com

melissadishes.com

xn--tr-trkiye-t9a.com

uxlunexpectedlawyer.com

vinh-heritage.net

cyberzenith.com

zhaigoo.com

flirt-girls.icu

bestivfcenterpune.com

oxbstwnm.icu

chocolatejerky.com

onshore-energy.com

Targets

- Target
  
  doc75843.bin
- Size
  
  245KB
- MD5
  
  765b1bb3690c9bacdfa38e18d788efbf
- SHA1
  
  391f2f157ddec18660fa5aa397618c4b44cbca0d
- SHA256
  
  a3703cc485d2a99cfec122203ed2d7dd83274af8bd0b3bcfab3fd590dd5c308c
- SHA512
  
  057ca24da8f89fbb39921dfd1cf160bea8ead5432277b2e59afcc4894903d5bcb74af7b83c1e985a8ca3dc13e1951dd37f8a2cc898d97688c1dab88afb81feef
- SSDEEP
  
  6144:MTqjFAdWMbSChmll5dKk3jQXzk0KX03SfFnEx:MZdWuS3FBjQXzkVX0OEx
Score

10^/10

formbook bk2s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4