formbook

General

Target

JaffaCakes118_da8700a12e72aab723d9939d71a36df7a40c53a4f11f3d5ce48e4173d8cdf746
Size

287KB
Sample

241224-wn87estmdj
MD5

4ab8a30cbec6c834b5456f5bed80177f
SHA1

ef198fcfaddf512ad165a422a9d60e7674a89f36
SHA256

da8700a12e72aab723d9939d71a36df7a40c53a4f11f3d5ce48e4173d8cdf746
SHA512

5d64f3104fdc20031aca84c29813eb9b753dd410f10761d927e26b36d28417c64c631461fab3e1deb5215e42c18275f860de2bae62c236ca917227ba57844246
SSDEEP

6144:lwtwhU8wb07kgA4uOBFl2CSFlCGFKkQXUaAY7sw2Atq:qt8AgLuOBFfSk8Kk8AY7h7I

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bs11

Decoy

momentumcs.net

gifabricaciones.com

handwerks.design

kalviuniv.com

saatiin.com

anthonyjoelquezada.com

fantasticphoto.sbs

lifespanvisiontherapeutics.com

cameliaandco.com

loftycryphigh.com

webtrajpylive.online

perlerpalace.com

annemacedonia.com

oakandorange.com

arslantrader.com

nanhajim.com

ursula.biz

onlinebusiness.today

shishkin-grow.space

whoami.zone

Targets

- Target
  
  G-77904DOC.bin
- Size
  
  300KB
- MD5
  
  e133504aa7c92bcc8b358abfa4c36a20
- SHA1
  
  68a3dc52c35115003d74c224dfc3f9e95bd00c04
- SHA256
  
  58a064152959df9f0b10cb78b8cdcda6eae112619a7239ddc0c18547e7e3a598
- SHA512
  
  98b75db2b869e910565321e829689366be7f319cf6f3aaaac65d06a36b6985cbdec0e16261bfeb0f93b8a48d5b1c707ef28deb84430ccb738dff0699a3a5fd60
- SSDEEP
  
  6144:rGiwlK7jQRnqGFYtTJJr3+WZmHXH0CNK0d2Rr+oGJyRt1sy2:QcQxYtTbr1Z4/XZMwy2
Score

10^/10

formbook bs11 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  gavvjlio.exe
- Size
  
  107KB
- MD5
  
  4f1abaead61fe7411fc7c6ee5082d665
- SHA1
  
  b4ad83dea14c06e0aa2c2ca582b52a527ec01d77
- SHA256
  
  e6b54e61fb080c3f6efb98d3ac8d182ad859fee863cc43478c99d3660bec6bd5
- SHA512
  
  e045f7094df1552776c1542edef3066663fcbfcf7dcd9bc871de273ce087c898aee583f603f34532d94e8ee22f86b550c736ab9232f72c2966cd62613dc5baab
- SSDEEP
  
  3072:SqQXWDue89k9zr6i8vHI0Qy8Va7bcWbePB:SqQtaprkv+yb7bH6
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4