formbook

General

Target

JaffaCakes118_22ef42dc4a3a6dd23518bd34b44e53e11cb2c0ecd50a767e2a684b6cb0baf1e9
Size

348KB
Sample

241225-afxyja1pct
MD5

a9250ca05746958c21bf04bc93122bae
SHA1

c3beac3bdc929ddd9eb2d8c26b31c3b0bfa8c2bc
SHA256

22ef42dc4a3a6dd23518bd34b44e53e11cb2c0ecd50a767e2a684b6cb0baf1e9
SHA512

b4e5489df30420922a5a51b5256f5bd2f5c9a15041785b618565ebded0e42c689e29f6f4cc369f797a9999b11c535a7a1ea05ae43976fe92daad4d710e906f1c
SSDEEP

6144:cwoUWk+gqGtU+usChZYMDpZcTIuNaE6zTKAf8EtnKKxzXKCnf:rokvusChZ1DpZaUKO8ynKOz6Cf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ckvl

Decoy

buketmert.com

hodu61.net

avenuecaca.com

kays.kitchen

8ky4.com

pretty-zoo.com

ds613.com

sacramentohemorrhoidcenter.com

icbcpd.com

zzinpick.com

cloudtestingrules.com

2020-especial-em-casa.com

lapdwde83.club

misionsanlorenzo.com

neenaknows.com

jlsqjjz.com

cazconstructionservices.com

ashihun75.icu

elvantage.com

youmovies.site

Targets

- Target
  
  Roominglists.exe
- Size
  
  749KB
- MD5
  
  b5f24a1fd71e559eaa19ebcd80a99d9e
- SHA1
  
  dd8b29c0134e7511aec9bef4b06fd67a3cb44153
- SHA256
  
  6ff6c5f89aa139e77c9aa300afcdf6d44b0271b6183fbbc53545ebd35cf0d300
- SHA512
  
  53002a9a14699cecb6d4d44286c42759a7ee3e750c714a2586870903e4576f0866440635925a5b45c67b2be61a9cf0fb008007a4370d509fb5da9edd6baf1a7e
- SSDEEP
  
  6144:4SiQrg69IZsnbzdCQ2IFXAOvo3+6plqs+qGCkBRikK7CQrwWXLIvxhkYu8wvxWP:zgZsnbzdXXK3+6plqs+37IuQ1x6
Score

10^/10

formbook ckvl discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2