formbook

General

Target

JaffaCakes118_1ce5193f8c40de6f403487483ac4bab962e5bfe73a76b3f5c4608c0bd9c9f20a
Size

473KB
Sample

241224-vrj62asnbz
MD5

87337e19977adc3355e1cef984f41e0a
SHA1

eaf81d3454e6173652f24c4cb76bd00c29721e80
SHA256

1ce5193f8c40de6f403487483ac4bab962e5bfe73a76b3f5c4608c0bd9c9f20a
SHA512

7827650c210bd42bc92b89f59a7d0d9e13980ea5212172738c358ec729cd78899f1d6b7f0ab5a99ff826aaf54a99bc2a81120923b9963040f7526f2600cfeb17
SSDEEP

6144:lXtshCT0uaxReIP9z5hcQwGlY/y8ch1+DGwC1CqbsT5ZR3z+L1du0CewKagOCXPi:lXoCIubIltpQCh1+CtCZ9+f++Jq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ch24

Decoy

tmicp.com

lauriceiker.quest

neighbor-works.com

santiemprenderich.wiki

thecraftytxdogmom.com

abramolfactory.com

prettylittlesoles.com

thistimeandilove.space

imperialshaving.com

aflorideallgarden.com

thbfjs.com

marketmove.info

echocoins.com

ztkzw.com

sandyhookfishandribhouse.com

gamesxfr.com

frontline500.com

cbburrnet.com

boliviaoferta.com

jdzmklc.com

Targets

- Target
  
  7084_00_WPG_20211716.exe
- Size
  
  630KB
- MD5
  
  c438a205d0a5c285ac98f558ee669dfc
- SHA1
  
  1c11cdda027a795b929d4876d04cc2c27c89219b
- SHA256
  
  e04c2819db3610dc0498ae022644d1b2ab06927cc4fadf23b200af70b551d6d2
- SHA512
  
  692c32154133d1682e756379b83440c74a78e8bfb00ec6f3b342d1eb3cd74c5e511950ba5342ce08f5d5a5727c6ba86fd47a66c27cefa54ab2f93a8ce5a2925c
- SSDEEP
  
  12288:KUNPWZCOO2120vc6r9o/gvb5zWeLlor+d7UuB45iEbgXP:KUNap7E6poIvdWeh5j45iP
Score

10^/10

formbook ch24 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nibn.dll
- Size
  
  355KB
- MD5
  
  2903025272487bdafaac262605b15219
- SHA1
  
  c9175643f7ee479e45cb07a475d6ed2570e5fd3e
- SHA256
  
  729a24f2784fd7f9f02f9696e692f629370a150a1ed5e47b74efa2b0b5bafd72
- SHA512
  
  d9d0826386d3ce95f94269754a65b2bb37571b895e67df7a9aa426e46965cf393418abf030ba6a1b9e3de020609d598f821aac7c150e339f12cfc112ee1d4bd3
- SSDEEP
  
  6144:5aABsU0Ln/bSe0pcKSdl+l+Ty129bbPUx9Uxu0keeFhkP:sABt0L/bSnpSdlBi29b09Uxuhre
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4