formbook

General

Target

JaffaCakes118_81b06ad5c4a46b52d6f4cbe9be32656743649a7ef66f80c9d4c7a90a9b5ae2e6
Size

511KB
Sample

241225-a45y2ssnbk
MD5

ee3af1cb6e2c37591d9b13da1793c9c7
SHA1

f79f417f25a9f0b57eecc40740bc046543a91b3a
SHA256

81b06ad5c4a46b52d6f4cbe9be32656743649a7ef66f80c9d4c7a90a9b5ae2e6
SHA512

57a65d0b1462859301bbcea473fbc3f928a50c92e841b76f76df9739708655f70041861c59f963d3e99d853b230880a58682dea68e6efe4e5ab7e716d30dfc32
SSDEEP

12288:84vT9Ienp4skaT18O/cL0x+ZxN5Nko+R16RoUc0f+2syHC:FJp4skqDcL0x+z6o+R0om22XC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t052

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com

Targets

- Target
  
  Credit Card & Booking details.bin
- Size
  
  1.0MB
- MD5
  
  27db728c69c96de67c4ad3863abe33a9
- SHA1
  
  5786e68382eb6eec432ca8a3109f61242b4c03d0
- SHA256
  
  9e38c0c3c516583da526016c4c6a671c53333d3d156562717db79eac63587522
- SHA512
  
  696100874eb5c1e65b81fd704afcae455c0f1d9a896d6050d4f35a7873e921348386c59ed8494fc48aed95bb8390f37026079de7039e2776646aaae4e7844cd2
- SSDEEP
  
  6144:TV9VhXLMjb8MUYTygw2CMgAHVoKStnCX7QyKGk8Pu5rcyOREjCGcMdRoYfTgvzzg:erhStC4Gwe1nMdRoYf7rTmeh6ZMGka9
Score

10^/10

formbook t052 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2