formbook

General

Target

JaffaCakes118_7d09a3768f7dfb3e2aaacabc46d05e59fc4ae20ee20c3e0c61e371ad5e3c30a3
Size

258KB
Sample

241225-c7pgksvngz
MD5

64dc0cc4f15047b414a44cef995dedea
SHA1

fa2e9de8916a6f910e870dc1d116822974d9797d
SHA256

7d09a3768f7dfb3e2aaacabc46d05e59fc4ae20ee20c3e0c61e371ad5e3c30a3
SHA512

4ce5ccdc8b07681de3367ffe7e8241d1f455dbf949b15ca08b7998bde65c2d427eae8d3043a7e685935af82fc940c5889c84f8d60b621f28d7f43a4b70395df0
SSDEEP

6144:8Pr8tqbKjoKHzjW3D79BJYMl2CfGxRnEQccrS95EhkTJwulTBHc7zWpu:yyY4HzS3DRn/UbJPrS/9bl18au

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sl12

Decoy

monsore-records.com

discoverthis.world

ishop-brasil.com

foxeshaveholesintl.com

currenteitherknowledge.xyz

haaph.com

leggacyfarm.com

theaudiobookdb.net

ungerstahlbaubrehna.com

cliphindi.com

thht86.com

b4d5h0t.com

yashentcbsmall.com

ltcibenefits.com

allwaystravelservice.com

1gethear.com

elstery.com

buyervalet.com

snowyrangecpa.com

bshuan.icu

Targets

- Target
  
  S12GF803.exe
- Size
  
  276KB
- MD5
  
  73d7525cc16a70fdd326f3cee8928a80
- SHA1
  
  2354ed7b61f9764d318088aca0c92884e408aa28
- SHA256
  
  4518329e81a1a2e8a9bebd6dc7797ec5cc93723075409cd44e89d572da46eab4
- SHA512
  
  40722cda09838d1f5e0ddde6dbbde9111149bb59c02b21af63cf1626fa2cb59a7126d018ceccaff80295bbc4f0f8e84f065104f971a9b587112a454a653afcef
- SSDEEP
  
  6144:/wNTMFkC+gUJIqC7uITtV66zZ6zNpTbwnxR7PUj:ZFk5k7xlAbwnAj
Score

10^/10

formbook sl12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xsdzemml.exe
- Size
  
  55KB
- MD5
  
  e2aa91fb3599cb7cbbd1cb3d5e4c3063
- SHA1
  
  f4278c4f6e1f3358b1ea4748aa2c9401488b6fb7
- SHA256
  
  2e61c28dea3a0dcde21b06fba573bac629a6cc2fb464bde2f332f3e8c3ba62df
- SHA512
  
  f5f91140dbeaf73a724bca50914a13bb4bd180c0a6b4ccc87f7abd34cea94bd0f16d2d601ec8e6fde5d414f24e8078622f2f203d135469213d524a0f4b632ce3
- SSDEEP
  
  1536:Jl/q6Jo2jwim79h5adPF329aJih1IjzGx5SsR1q2Ym0PPDYlHCX:nq6JBjmpjadPjih1IjzmFrYdwC
Score

10^/10

formbook sl12 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4