formbook

General

Target

JaffaCakes118_4668453d0a5a11997010b4d6650209152cba73ef6e0c02c528f5260aef205a5f
Size

1.1MB
Sample

241225-1ad7caymdp
MD5

04f52423443a6cc01329df2a3367f482
SHA1

b8c209ad0827132d656325f695f5d39f72f6dfe5
SHA256

4668453d0a5a11997010b4d6650209152cba73ef6e0c02c528f5260aef205a5f
SHA512

9387629bc2ad8afc86d898b18b761bc7e0d04603c8eb0d621db680d637f46e8c4d4d640ff39d8d8e7f3b4116c3162694625d2d51c8b4350fd4c37d6612bc54dd
SSDEEP

24576:3rjhJhRdZYBSRfcR+4OZL5swTSlPQKoxO+l8rICYYkyO:7VZ+R+4OjhTSlPQx83TYTyO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

csn6

Decoy

abmppo.club

a-great-dbt-cnsldtn-uk.fyi

intellidiets.com

giventt.com

mil-pay.com

endnotesg.xyz

balconygraze.xyz

cureply.online

musicmaster.digital

animevalhalla.com

nmtoinao.xyz

origotukau8.club

environmentalindustrial.com

loredanaprofumeria.com

marilynmarilynmarilyn.com

brodysinghhukpb.com

cangguavenue.com

themagicmoose.com

teamonston.com

cumthem.com

Targets

- Target
  
  YBCNP6X9PSJDXqv.exe
- Size
  
  1.3MB
- MD5
  
  4dfab4ab0edef660557d063a7b787f32
- SHA1
  
  c55904a356c64da5812c07cdbc886fb64d80b2bb
- SHA256
  
  9ea19e6389c42486050f45551c33bf9d8f0b2417fc53975d97aebe477d368274
- SHA512
  
  94ca2be7e1ddd92abee498a1ccc44f7f79f14cab678faef4468000f2910b126aac2b4b423f050a78b2e03d1c7d19ec43908e49f6800b97dafe96de9d7a143489
- SSDEEP
  
  24576:c7XzodEMQ/3Q7+GOP0p2jQSM8eqIpQ916Ry/UE8izXOHtEga:cbzec3QCGd4jQB8LvocUdibOyga
Score

10^/10

formbook csn6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2