formbook

General

Target

JaffaCakes118_aa09af471e4d8304972bb9dfffda6a3de155a5b9294f029b68e60b55540a6cff
Size

459KB
Sample

241224-wrvs7stkav
MD5

4eeea4cc589f5471d593ab12d03fb8a5
SHA1

57c12ca4fa0c4412409f3be270919da3e0ee5fa4
SHA256

aa09af471e4d8304972bb9dfffda6a3de155a5b9294f029b68e60b55540a6cff
SHA512

49d17dd54a4602908bb2249d94507a7750c9ad0fd19f5517453066b830764d82ac3d16afbda7a7420ee517bc37efdd43dd04952a6cc55f88c7783fe9097c294b
SSDEEP

12288:JdwZfJCpewnzx240H52UVNf0RxzOyHszS:fI1wN24M2UVGRxCyMzS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tw7

Decoy

prestige-reps.com

nhakhoaquoctesmile.com

sicumplex.com

in36972.com

hikoosbyheidi.com

rayinthecity.com

mjwestwoodphotography.com

radiopeek.com

attisit.com

hdcpos.com

xn--halise-1ua.com

bossroyale.com

blstd.com

wniversitet.com

bethumb.pro

romber.info

bergundy.com

kingscoop.com

antiquefactory.net

loiseaudejade.com

Targets

- Target
  
  PO.bin
- Size
  
  550KB
- MD5
  
  8a5940fa28ca1b3b684ca60d704fef82
- SHA1
  
  dd71435f24a40087de7c69d636891bda2a426459
- SHA256
  
  5f688c2a0311c1627e8adc2ed5bdf82dd9bef167cf6bb90de7cbc53c2e3c4052
- SHA512
  
  5e52ba0e4ddfde851d598ff60d16f10396c68ee603200eed9580f3b54d3ef553f9c695f09ec917e0bec35deb832fdc66d6abc8a1bbb4536adad695f2c7f6d730
- SSDEEP
  
  12288:Dth6kROZz/jHEG4eD2h0LKfyuqzYdaECH/OmApVQ:Bh6VzbSeioUyuAYgfRAs
Score

10^/10

formbook tw7 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2