formbook

General

Target

JaffaCakes118_7d6ef45060d18fa8c4d6a4740f0aa59b4b02d62efd72d2178977d520ccd6f38f
Size

710KB
Sample

241225-cjgrtstphw
MD5

4fd8e3f0fb95d19b5352f9416ec3408b
SHA1

f6424639d298d703ddc6a8bcacf9c8d186308abb
SHA256

7d6ef45060d18fa8c4d6a4740f0aa59b4b02d62efd72d2178977d520ccd6f38f
SHA512

82c21d3233490b21b9e28f0d0639229699ac86d8b091b7119b364a763e32c20505ea91284892016effca3d361fabf14353a79c71ddbc6e3b31383e3ff4b08700
SSDEEP

12288:4UsTP2iukABz3yN+w/yqdjTkI91wNlprNFVEv2j/MBqK7hLCXzL:4U8VASZT591wNXNPE7d+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4kx

Decoy

eufood.info

theprotestmatters.com

khauchakhajina.com

008usa-xxf.com

backriverroadsportsplex.com

shopalndrinks.com

necght.xyz

summaryborrow.info

mys518.com

shopapemodeapparel.com

christineroseartiste.com

rsw2226.com

ashes-of-creation.com

shamilalyadin.com

learning-synergy.com

sendstats.net

waverdemo.tech

dubestol.com

bolterbunny.com

beerciderrebattes.com

Targets

- Target
  
  5c641b6db0eefe6714c87ff5b82d14671996c85e9614ba1eb4b036f4ee551dea
- Size
  
  868KB
- MD5
  
  34b98ee11bf18c5f1433e8d0479927cd
- SHA1
  
  8475a9efb33970e10826b81be8c0ca9254280dab
- SHA256
  
  5c641b6db0eefe6714c87ff5b82d14671996c85e9614ba1eb4b036f4ee551dea
- SHA512
  
  f9f85b9a0f0d5f894bc49206b4cb3f56a046c7716fcc0c2f9b9ae20ae0c6977bc1c64c1f78c01e9dea58d078699d07b62c330d3946cdf77a4d28bf275091265a
- SSDEEP
  
  24576:d+MKgPp9AR95y/BVwUBCqUalFgz7qgEq:fPpKRy//QMFgzxE
Score

10^/10

formbook 4kx discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2