formbook | 8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4 | Triage

Sharing

General

Target

JaffaCakes118_8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4
Size

743KB
Sample

241225-ark34s1rgs
MD5

4f8ea63904434cab99bd3854054fa07c
SHA1

6ef972551989a84b7c3a69d371b9a3405c828700
SHA256

8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4
SHA512

ed4fd1bdac024714bdc02d06a02351a3d6c3bcf6cf31929f7e91e8afaad470a4965aa6a6d7573945215a6de4258b8f9dbd7dbcbb2f75cd75dac1af3ddb5353f3
SSDEEP

12288:uXdxJpf2HgT1BRurPowSU0C/UVhWLgB0xD/fD6UpEVzML/Hqpl9vSMxXkcMSSJDZ:uXPJVUg7ReAwzjUhBufDRoMLPeW6UpDZ

Score

10^/10

formbook u31y defense_evasion discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u31y

Decoy

writer-career.com

thecozymosey.com

cesarashop.com

tcdfzx.com

redknightsaus6.com

hbczz.com

u0959.com

hyyssy.com

ytbangsi.com

popularepoch.com

jenesgloparties.site

belbo-shop.com

fundeim-ucv.com

buttersdesignco.com

ingiluzim.xyz

visithimalayatours.com

aridahaaf.xyz

emocjilindre.xyz

rcfunhobby.com

taminndir.com

Targets

- Target
  
  38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a
- Size
  
  3.7MB
- MD5
  
  fd00d713c843371c82be116049b5a6d9
- SHA1
  
  e46e115e003d6088655a5c364d6d03551cb0e41b
- SHA256
  
  38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a
- SHA512
  
  3f5c7ff62a3f3e7d03c7dd69a3195a93ad0490864ffa10af155085755a1de89f9b27a92e67c84594923b87348b5f192714f33467abbd072ee9a9050b2442c07f
- SSDEEP
  
  24576:/gzlt/Kh+sR8/P5fe4VOGLCaIMArRmXCYtXI9yrti7FnVP33hzkZsN:z
Score

10^/10

formbook u31y discovery rat spyware stealer trojan defense_evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbooku31ydiscoveryratspywarestealertrojan

behavioral2

defense_evasion