formbook

General

Target

JaffaCakes118_c1a148b353ceabecd13c5e1097efb20b13f0b46b2f15dd50bf906773a205d0e7
Size

203KB
Sample

241225-bc2b8aspgj
MD5

e31e6ee84492dd81174ee97460c2dd5b
SHA1

cbc7711747edad49814583bbe1a8a8be8b8a7e4a
SHA256

c1a148b353ceabecd13c5e1097efb20b13f0b46b2f15dd50bf906773a205d0e7
SHA512

012ffa702058efae6730ef12b555bc99ee4da9ee1dfa311c364d3207e6e55f7f9f40594a71a02f96530e76c1531d7dbb3f9bcf1489530f9f169566b368bcf54c
SSDEEP

6144:BBLjeBpG6y/j9V2+LHmQlvm8fbVS43I5unBVL8Jw:bLm6D7KQlvmmZS43znBH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  inlaweed324456.exe
- Size
  
  216KB
- MD5
  
  aa9acee000034360ef72e014b05e775c
- SHA1
  
  2e424b2812e789a76315fe7ee2977c2fb802e568
- SHA256
  
  0d0f9826df61da68a73b28700102eb7c15f3d3dac4925b56b08a4c9ef89ab743
- SHA512
  
  1d881aed0cdfd9f7e0cb6a883040b763c07e9428627384984e23e65bd24e30897ed05881e106d1e55dd4b13a6d3b3682fb198299e53cc1b8d94aa28c420804fc
- SSDEEP
  
  3072:F14/IIhEDnmJ+xjJiGIykqSqbNjXGK86HBmx6k6qzUCa0lCVUyy+ZFsH5:FbUIZX58YQ8DqPa06UyjZF+5
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ughxrz.exe
- Size
  
  4KB
- MD5
  
  86ec26587378d1a1ff33ce1aa2680fba
- SHA1
  
  577ba29772044952e70cfab3f9c08c06a4272314
- SHA256
  
  192fba7e71f2f2e0d53c8ac2b9a0ce20c489b8d8306e44cd025fa0fd3bfc5229
- SHA512
  
  e0c309435494918579379c4c1ccfc8f03ab8bd474c1f142179d5050bc99693ba08ea2cdda88e22bf1e7c12ac634aa15ed08dfd4b5a78e464c33ac495bf9f4f60
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4