formbook

General

Target

JaffaCakes118_136006b297c0cf2224c6029731d470efa5765cf12071525b4757c371e09e1ddb
Size

486KB
Sample

241224-vtbmnssrbk
MD5

4b124071b567b8902463acd7f2019f67
SHA1

9ba383945b7d5ebd06df39f01233509798dfc675
SHA256

136006b297c0cf2224c6029731d470efa5765cf12071525b4757c371e09e1ddb
SHA512

d0be80f6747835da999e0e89869caf9892442322de92a71436a15793886dfe0aed9d43be3feb51261f29be1e0e8a2c7c62d1b8eafad06177f497de504e6b9621
SSDEEP

12288:1yuf/oHC8J0Ql2HqlvGp4RKrQb1idAijPk9uprIdB:0MOu+GiR90dAizkupsdB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bg11

Decoy

cc-creative.art

dinheiro.pro

rbkny.com

trifectatkd.com

cg-no.net

dificomd.net

smartdzedu.com

kembleinteriors.site

gchuoor.com

legion-models.com

livechatassistant.xyz

martialartsdiscovery.com

ozogfh.com

novelreader.xyz

soularganoil.com

jordanscottpottery.space

fitlineaustria.com

chuvop.xyz

skillgas.com

127x36.com

Targets

- Target
  
  620178.bin
- Size
  
  555KB
- MD5
  
  c10d8e2ba03e8e330199e67e61b24196
- SHA1
  
  74514a4dbc39b836140ad3b38c6ebd1fde4cb8b6
- SHA256
  
  6fea45df3c9acc6954753f6f3b2ea7a53707655fe75d828d5dcbf05342c99411
- SHA512
  
  1cf2b9d6a8b5b39d7815ba7e6e8e02cd88a826f6b861bd22bd1916b32bc8de93eadbf1ce793971cd344c6ee935b33d7fc2dccfaa228dc5b6f162086d9ea69c87
- SSDEEP
  
  12288:b31hW+URZrVRKCUFg+ew67N+brE3IoUFf00x8:LORtVRKLuVSbrZjx
Score

10^/10

formbook bg11 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2