formbook

General

Target

JaffaCakes118_aa4fde12b9f19c7e808afcac87317972c6f6fec9b3a53e0bd80d2a02e7aed01f
Size

637KB
Sample

241224-x8mplavmfx
MD5

5eaa5cab3c863997696362aace3316b4
SHA1

33fe75c7113585c9fc858fbc59b0d6c3ac0aedd2
SHA256

aa4fde12b9f19c7e808afcac87317972c6f6fec9b3a53e0bd80d2a02e7aed01f
SHA512

213e2ce424c602a4aa4c3eb215b9a44764b4ca7f61aac21a7c09753c92aaad2f1edd07c518623f0bc1091f5962f7b01dc750a999f8f22650dd686c495e5270c5
SSDEEP

12288:w0fDu6IgSqaU2HFVpnR1yd2P5tqlWBwUxfHkI5Q3qgbIu:w5TC2HxT82/q0bxfHkAQ3qgbIu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

uegp

Decoy

firstregaljewellers.com

highgateshop.com

sorialab4.online

kurzneck.com

zonetechservices.com

akibul.net

khukhuanphongkham.com

lovelessneilsen.online

scholarlyresearch-guide.net

jagodda.com

comitivatratando.com

ynqjnx.com

rodarle.xyz

heroesjourneynft.com

weltreise.xyz

enstao.com

istilllmail.com

malayaoudh.com

xsdgia.com

palisadeslodging.com

Targets

- Target
  
  zYqJmECKmhz499J.exe
- Size
  
  1.1MB
- MD5
  
  54a60fa86dd57e95fc68c25d2d2949a7
- SHA1
  
  cac7af8b3cdeb3bc61593311f3a6851c82d01a69
- SHA256
  
  b2bd364a32ee75888d9343bfc3a16b9eb58151fd94b4f3c38890f6ba2256b2e8
- SHA512
  
  b95cfb7209f92084d0a70126e123d009f5b170a5526eeefcebeae136779952a02a90e4f799b18759ab21fd9c4277234cbba24f0d81b23d183dddebe49d61a692
- SSDEEP
  
  12288:DJPgbYHTFyemCjEpTx0pchoZ2XjpXV8ME03wBwMfkc14c1L/UxDbX6U55uQIjLmf:XzFyEE2choONl8z0ATfkcacJYjAo
Score

10^/10

formbook uegp discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2