formbook

General

Target

JaffaCakes118_ad45a44ed98b7316912105f0e4c3580e8072d58224914873daf7a9421b1ec4d2
Size

441KB
Sample

241225-al64ds1qds
MD5

196b1233d37659275de6165d5a0deaee
SHA1

62feba84b662534a37896b84cf1bd54b382dc9ec
SHA256

ad45a44ed98b7316912105f0e4c3580e8072d58224914873daf7a9421b1ec4d2
SHA512

4dfbca9940b1fb359eaaa3e8637f1f4a0e59e70b781e81d0b908a0d754a6ddbfdcfcbe9c2d95cf8d2319920a0d1299d1545708fb722ecde2482a113a5d4dd7f4
SSDEEP

12288:hIDdRaXoWqwZjL/jXGjOpcjp/sqeL8/0lnxR+XOel:CDdMXorwZnqjj+Uk2Xt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

numg

Decoy

besthandgel.com

infoseru.xyz

c2batlrjd09euxppve04393.com

staminagrow.com

scorpionhyatt.com

blacsmitz.com

verifymia.com

dicklaurent.art

shopnaturesthrone.com

carlym.com

matticlay.com

journeywithjustus.com

teslaenergy.website

dreamholiday.info

minlicy.com

gazeonline.club

51hhav.com

pellicule.net

eje-visual.com

seniorlivingsearchusanet.com

Targets

- Target
  
  7667985125f9931cc7f2e150860f9af7395f31d70440c4bf2a1ad2b6cf63c593
- Size
  
  538KB
- MD5
  
  abd8c61a29d9e5526ecaca0715e25bf4
- SHA1
  
  1ee6813a43d48eb1cb26ed0efa16dc17a7e7d095
- SHA256
  
  7667985125f9931cc7f2e150860f9af7395f31d70440c4bf2a1ad2b6cf63c593
- SHA512
  
  5fe910364426d6922d4d68b75b0c39d43bfcc0a1eeb0f5a0d3b3efb87156a4123e226183d584855d51f4cc9225b728c20ff332874a89d9f7852dfd4e57f1dd5b
- SSDEEP
  
  12288:FqJFTPQlZAqgaXOtuyOt48ZrHfDatzZ/QBd3/ykDvG7wn0js/920nLn2Zk1Muax/:FqOZA30wuC+aJZsXSZ8v
Score

10^/10

formbook numg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2