formbook

General

Target

JaffaCakes118_a8aff99f8bcbef5a0876b6acd7d0bec190b110a79df1b97e7a88d87c0fd95d77
Size

243KB
Sample

241225-ewdxtaxqhm
MD5

af69a5367b8abced473029446eafef12
SHA1

d4d735512526ed6c16a9ad1ea6475e7fc31543a4
SHA256

a8aff99f8bcbef5a0876b6acd7d0bec190b110a79df1b97e7a88d87c0fd95d77
SHA512

d371eb04a2ae5fcd77f02a8dda321dd631c11caad75d810e09eac04cfc68fa2de1f7c0043616f02cb5701ef0b35d28634a1cc19b40b94b3e5c68de65bcecfb0f
SSDEEP

6144:QE6dddQDCQlzJd0gmzQAbcBqFDYdPyNCzFd4BBq:x6ZQdxJ+JZZYByv6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g28p

Decoy

whhmgs.asia

wellmedcaredirect.net

beggarded.com

wtpjiv.site

todo-celulares.com

parkitny.net

43345.top

pro-genie.com

cwdxz.com

cbc-inc.xyz

healthspots.net

rulil.top

pyramidaudit.solutions

k8sb15.live

hempaware.report

usclink.life

stayefs.net

05262.top

shop-izakaya-jin.com

iccworldcupnews.com

Targets

- Target
  
  022ce338093b066916440ca89bc619d13d104402ddbad665e19cb67d10ec2287
- Size
  
  356KB
- MD5
  
  c852d6edda8423d9307f0cb5ea10f750
- SHA1
  
  a32331f7134fd005c57bb3d7b5d8ed4e9203bde3
- SHA256
  
  022ce338093b066916440ca89bc619d13d104402ddbad665e19cb67d10ec2287
- SHA512
  
  64aac84710e53d052490d8e1b703670e0bfc9d52d41a1742871ffe15ed327709bd135f3b7033bfa90a05dd6c67a1cb09785bc9bf86104319e795393988e3e08f
- SSDEEP
  
  6144:jNeZnTKu1gRtv6cWG3Gy+crqhf8+M6JCoo2FC04rIZ6AxKRPLZ:jNHv6cx3G/Th0+M68oo2F4cgAQNZ
Score

10^/10

formbook g28p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ftkyt.exe
- Size
  
  6KB
- MD5
  
  181fac370d823037dcad0d6bcc2cb09b
- SHA1
  
  68f0ace3d28f067310cccf6bfe4295aefea80e10
- SHA256
  
  1468812bd2ef069b5a184371088ecec787d572cc5439841e40f2185f293beaa7
- SHA512
  
  6c73580f591a6b966ae57a8757aa0249cdcf37b8250d2a979bb391a7c8fea460346f8fd1badea2a4d240c46907fe2246dfc019abc72ee5c9afe73fa3388230b5
- SSDEEP
  
  48:atkCjiL7MA9CpUGiPXXPuh5PtR+qCpUh0MovqHwI4IkPzI/iaIUIc7odlM7BXWjh:opeL7MAiiP4roM2V7acK7BHx
Score

10^/10

formbook g28p discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4