formbook

General

Target

JaffaCakes118_efb36f66d3f21331fe2369f9075789016f7f8df19a78e1011ad0b81e6b2a8e73
Size

434KB
Sample

241224-v4npzstjhm
MD5

4566a8302769acbeb5e5a05aa2b21338
SHA1

a0e5e7fc75d495b2546b35b2033049c295f53648
SHA256

efb36f66d3f21331fe2369f9075789016f7f8df19a78e1011ad0b81e6b2a8e73
SHA512

2ff726291c505c33ce0d47f45dbd42a69926b7b490f77372233053cce2723b555498bbac510ae18e48d1663d840281fbf032c7edaf6269bd8daf672fb6dc9772
SSDEEP

12288:gLhTWERahqts9lH9JANOhrdH2lMFVeJAAtzTEWiQw:gLsmawAYOp8lMB4359w

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r3nq

Decoy

sausalitosoundstudios.com

whiteplainstaxico.com

kuy.company

retailraccoon.com

justinbuy.com

xn--80aaplnpvncoz1e.xn--p1acf

rooftoorder.info

kecaimachine.com

agdiscgolfshop.com

slothino-freispiele.com

nevadahempfarmers.com

noo4.com

nemetzade.com

williamcareyuniversity.online

zhongcarrie.com

danmcneill.com

psm-gen.com

betaalplatform.club

vicentcalabuigstudio.com

theriver-round.com

Targets

- Target
  
  3e4ff94c4eb0c93bfd6a2bb1b9b46f6b20c139ead253e717ce295601c52840ba
- Size
  
  563KB
- MD5
  
  34a990cb2c38d233203ddc44c9e8dfea
- SHA1
  
  e9af92869688a0e66e450e20107605968804f6b9
- SHA256
  
  3e4ff94c4eb0c93bfd6a2bb1b9b46f6b20c139ead253e717ce295601c52840ba
- SHA512
  
  b979cc4593359ccf63f180694e8903e5690730f609eb200a115f44f25dd4b48ac8faad3e2dfdd8eb607b17b2ee9a3f02268bbd0fec46353cea9cbf32c4f602c3
- SSDEEP
  
  12288:jWHCM2K4Caq4wLpCGOHYZIGXDbIbK2VF1GueSRBKvf:Z3Caq4142ebL2D1GueSRBK
Score

10^/10

formbook r3nq discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2