formbook

General

Target

JaffaCakes118_21d94f150ecb5e0c41e1dd59d88284f321a77062726213c9eaebb6f655e047c6
Size

299KB
Sample

241225-ayz6lsskdw
MD5

0ff4cdc451cc01e5e4e6f20d7033c18c
SHA1

efa3a4f4c270a02d0c5e7ec5c88173e6b0a158cd
SHA256

21d94f150ecb5e0c41e1dd59d88284f321a77062726213c9eaebb6f655e047c6
SHA512

9ff9fe5d390082f30fec8ac91f58480ba9291b41006ed6b1b5886d0d205a6e3159413c6ba665f659fb2ead8db7fd5200ae0a9f60a160682f060066f312643fb0
SSDEEP

6144:ig9TBqu5ZHY/41OGa1yb8cbyjHPK2L/oWAVVUntrVwd96qWfO0i:igd1Dim9agRwloWIVUn1S9RWf6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rwo

Decoy

byyter.com

getintimacy.com

toptenvapes.com

coinbaxie.com

fiebluw.info

doerwang.site

795809.com

cuttingquarters.com

loveinspiredtees.com

504oysters.com

laboratoryinterior.com

techguybrian.com

twsexy2mm.com

photocatalystproducts.com

frankfoster.mobi

busingasim.com

cardanoapp.store

fhstzy.com

sanctuarytherapycenter.com

ctc-fra.com

Targets

- Target
  
  quotation inqury.bin
- Size
  
  629KB
- MD5
  
  fd9b04760439ae4dbe36397690b42380
- SHA1
  
  5dc6d63ef88a09d219444a902b99100c2b0e26be
- SHA256
  
  15e41f9b684c8df81ae0c2d5d68a036cdf20593fd72d0c7200c2da474a813f30
- SHA512
  
  c0aec2a570b5c80da005c113a7e9762bbbfec177ff1473648375c4425e46ded5cb66aff20f2b14f14f84957602add948adc5e9f28027a73704aa8dad1cb76807
- SSDEEP
  
  6144:TOnJca2zaKjDtzIiYWOcMQF1Nej+zXtUw3YFlv/Dk9C+rYW:TqiqKjFBHXNeiT2nqt
Score

10^/10

formbook rwo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2