formbook

General

Target

JaffaCakes118_53ad0f8f3f0f686856a1631a2306cdf452941dc35e5ddd3f79ec819d118a8c8c
Size

565KB
Sample

241225-1wg55azkhq
MD5

19148bbd0e5bbf5519f6ea860cb70a84
SHA1

374505ab95de91debbb7712913028cfbee654b45
SHA256

53ad0f8f3f0f686856a1631a2306cdf452941dc35e5ddd3f79ec819d118a8c8c
SHA512

35b6e039e7e6cc690f9abb992d9f3975ba414119eab4aed1e26dbc87484ebde4e923decaaa8012026cea2fd4acc66a36d247052fec2a7630f405ba6c38f263c2
SSDEEP

12288:86yoEJaGpz6gxtg/wLIWsNwJ5xl+weB1Tt+W3YHEgRvoLBWt0I2qR/s:XCM4LGwL3H5xlQB1QIY1vIQt04R/s

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

fuyb

Decoy

ySqkimeTE13H2ewGja9LGg==

c6a/mIndrz59qJ+/EZkF1VoKrQ==

puyjGw1Sa0A3VV4KDnqRFhr2jQC3fkc=

AjQ3LKQUXkyY6xtK/7v2VD32hgC3fkc=

zDZkS4/T4a3VFha4ja9LGg==

JYyS87zY2KSlwbAZq3Qx

Ip0fCecSq7T3ahlotm5p155TI2M/

ipYI7ki2JoP3FTV3DtjWeBqU

OG8mkGOZ5vPkBbwTIYpvwW92C8E=

GqbksepyJ6UgcFGPUA==

1zpmT4/g7AdL

2/gE2eXTnxzbcFGPUA==

CpK1phq0TrU3RnkgGKxt6tY=

4CmsHJMoNyxlsVaFx6W+iDee

+XypJGn7A+XcAFHrZ9Y6

UIAQW44G/tnX6JtM0n7UvqqR

6DHlWlGVuDDXcFGPUA==

Vp7L/Td2KXf8HL/RDePWeBqU

SnchgsBScnGwB7yvQgEqQPV0f8k=

wgMo/D7YcYh7ezwb6js=

Targets

- Target
  
  497b0213c42c51705d4db1a404852919b6c362bc32db6dd0c412bc16e9f5b305
- Size
  
  856KB
- MD5
  
  172a2a2d331ca81aa7f36024017ba6f1
- SHA1
  
  7f85bb529d373a22de7ec615c412a9001a01a36c
- SHA256
  
  497b0213c42c51705d4db1a404852919b6c362bc32db6dd0c412bc16e9f5b305
- SHA512
  
  bf00d95f0f89c457e8e9afa69d925df2aa9daf452a7b7cc055dd74483ea9f927eb5ba8f2fa66c0557578edad6f70c28cd24891d27bfcdd3ada522327bb234fd0
- SSDEEP
  
  12288:OJpCxkfn9Z81c4ozkgRS8mrFGMVlkm8IpOQnFwTADqjJ5n:mfnP8O4oz/tAGM3kmp0QFkjr
Score

10^/10

formbook fuyb discovery rat spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contains code to disable Windows Defender

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2