formbook

General

Target

JaffaCakes118_fb57fd7428a4d7447e1203d03ab5058880ef6ef18fc6f99465c0aac2071ed945
Size

665KB
Sample

241224-vd25paskdy
MD5

d240b5b807ae0bfc16c2cdb079c8b138
SHA1

b7013324d624c45883fbd5080dda470401f0ca09
SHA256

fb57fd7428a4d7447e1203d03ab5058880ef6ef18fc6f99465c0aac2071ed945
SHA512

1c59962c052a304f793e40098a8a3d38882fee81b08cb18d71aa74ed54f0d7c7eb55b0acae24f3e30b6a4373182eefad3f6d6ae8d1159e7b632f12e43bb068a2
SSDEEP

12288:nMw9Obh1jK/au45/l1/E1GeLN0Q6BoRVNhFKexsuMaSUBC2DqAst2I:MNGgrEZL2QwoRlIAvCYqAm2I

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

fuyb

Decoy

ySqkimeTE13H2ewGja9LGg==

c6a/mIndrz59qJ+/EZkF1VoKrQ==

puyjGw1Sa0A3VV4KDnqRFhr2jQC3fkc=

AjQ3LKQUXkyY6xtK/7v2VD32hgC3fkc=

zDZkS4/T4a3VFha4ja9LGg==

JYyS87zY2KSlwbAZq3Qx

Ip0fCecSq7T3ahlotm5p155TI2M/

ipYI7ki2JoP3FTV3DtjWeBqU

OG8mkGOZ5vPkBbwTIYpvwW92C8E=

GqbksepyJ6UgcFGPUA==

1zpmT4/g7AdL

2/gE2eXTnxzbcFGPUA==

CpK1phq0TrU3RnkgGKxt6tY=

4CmsHJMoNyxlsVaFx6W+iDee

+XypJGn7A+XcAFHrZ9Y6

UIAQW44G/tnX6JtM0n7UvqqR

6DHlWlGVuDDXcFGPUA==

Vp7L/Td2KXf8HL/RDePWeBqU

SnchgsBScnGwB7yvQgEqQPV0f8k=

wgMo/D7YcYh7ezwb6js=

Targets

- Target
  
  db0d06fa07ee8e6e77913e27ddfcd29639bc382b68a75c86c4a6e2f5b4781530
- Size
  
  1.1MB
- MD5
  
  5ef0396427ff796a37b983f3baf84d5f
- SHA1
  
  7dc04df23d8c3f75dfc143db7d92e0eac4bf5d1b
- SHA256
  
  db0d06fa07ee8e6e77913e27ddfcd29639bc382b68a75c86c4a6e2f5b4781530
- SHA512
  
  f619f9a7f092554fe2f7538df9eb8e9f9b479ba8e08ac9a0d95afa1c1f1353cddc557ba7bd7ee85cf8fdf43a126de63cc2920d402dd8730246fafdfdf61e36a1
- SSDEEP
  
  12288:vwDXz2hTd6AkbyKs1zMm42dEjeIeya86xYzSJuPbBMHlqjJ5npmhKgf81o3XjnVt:4YZoHs342a6rtZ6OM1MQjrg
Score

10^/10

formbook fuyb discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2