formbook

General

Target

JaffaCakes118_73181fde5ff61e6823ee4d189cf4a86f2426ad96cfbf774f819cdb0c27ef5859
Size

809KB
Sample

241225-blc1zssqfz
MD5

ae94f0c729ee14ff9498bde272183eb2
SHA1

05fa0414c7d4f3d768c3b5e3554d1f7874c75af0
SHA256

73181fde5ff61e6823ee4d189cf4a86f2426ad96cfbf774f819cdb0c27ef5859
SHA512

c95f5d96089fc882ab509e6a1fb7b34c10c6845e70babdeff1372f21330acc869c15ec9a9f24678dd5bbd1a3c9e66c0f28d9b2d654208a83048515e24f504488
SSDEEP

24576:GXiULpVf+apr9aKnBk2JQDwHBkAXmo7grW:Gvt+afaKK2hhB9gq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn89

Decoy

mynorthernfcu.com

leafolux.com

joycasino-official-game2.win

shopfourfourteen.com

gzjyby.com

rapidwastedisposal.com

homme-alpha.com

essentialpowerwithin.com

emeralddrumcompany.com

dyspay.com

makedollarsonline.info

fredautosport.net

amzrelay.com

qtqqwdnbu.icu

lookingupproperties.com

twojemiasto.info

zrlin.online

mykabirmusic.com

mukulikamakeupartistry.com

mouridi.com

Targets

- Target
  
  681fe3b085850ef4d08c34692526d77bbe97a0363ed900e397f008a7274fa3c5
- Size
  
  1.0MB
- MD5
  
  2e968b52eeb924243e635aa8839e0ec4
- SHA1
  
  e6c64ea9a9d353881349fdc357d26a93370dab52
- SHA256
  
  681fe3b085850ef4d08c34692526d77bbe97a0363ed900e397f008a7274fa3c5
- SHA512
  
  7d61d90e37481730a2666d6f54eb97371ff27d87bb6294b193837cab11e88ffbda174cae75d3401a4798627bec18fe7662596630e63e496eb7ef8b49b0ba36f8
- SSDEEP
  
  24576:ERcGuyEEeKrvDB+/ExV9ogVayp1q2d3WP8e:Fgow91u2W0
Score

10^/10

discovery formbook bn89 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2