formbook

General

Target

JaffaCakes118_b5e8f3ae8eb85e6891ca54aca028e93ca572e5057fccfabd0ff0ae8afec59fd1
Size

794KB
Sample

241225-aqxqhsskaj
MD5

61a8f725553422cf1de1cab7fd268a04
SHA1

cf3574ac729448e82f440ce69abcab9edd9a49c9
SHA256

b5e8f3ae8eb85e6891ca54aca028e93ca572e5057fccfabd0ff0ae8afec59fd1
SHA512

d819f72858e5c541ca9e18086cf7bbe7d863dc70194609a06c13c6b8813e310dedde777f66d465171ecdeb4e5a668b8e9402ef318032fa4e258b05b93d19a09b
SSDEEP

12288:CFyU5GUJ9hQeEUXfyV1KG8pe73sTA6ZEqgBLudSVCivKp1Qe7a17/Qvjq4Pgr0Xj:CF5lXPdGBuEqgdupTu17/Sg0XXo0fWA

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rsea

Decoy

aylagrey.com

ketoodavoqslim.xyz

foyfoy.ltd

buymistnow.com

ownempire.net

cie-revolver.com

kedaimks.com

rockbettergear.com

luminousfadel.com

universalbumpkeys.com

enjoyablestopnshop.com

grandesfinanzas.com

professionmessaging.com

thtoughthenight.com

conservativesshop.com

jimihoodie.com

nhlove.net

agentsheila.com

tilemarkng.com

94ei6mgy.com

Targets

- Target
  
  d995cec041a5c5fd26a26941ed9daa203d1760a12d56fc743a1980b573503bc0
- Size
  
  935KB
- MD5
  
  f5f3e2cde43a70def7697aafd955cfc3
- SHA1
  
  da7c220e7974b04b057fcdc7a5708a77b31e716e
- SHA256
  
  d995cec041a5c5fd26a26941ed9daa203d1760a12d56fc743a1980b573503bc0
- SHA512
  
  8cb11c45fb7bec41638c55dface7188b9f647d77efe56e5791cf620c83c116cc93c408c46ee7ee3c3d48de272fb7e8dba601093cce83ef29f00ec901ebb16aa4
- SSDEEP
  
  12288:Ymele2oYC/0yzySje4oPVM3z0rcW0VOdpMLJ7szoUARCif+oqui:YS2oYY0cLVCVM7oMLlss7Cif+oqX
Score

10^/10

formbook rsea discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2