formbook

General

Target

JaffaCakes118_e297870bd5d70b0e653901d78c2d240cbc18fb8bfca3d94a80b7d3f4966173c8
Size

636KB
Sample

241225-f46s8sypcv
MD5

32d67277c1d070870b6f760664156929
SHA1

61637ff98cb8b3af9c47f8779415124cfd025d00
SHA256

e297870bd5d70b0e653901d78c2d240cbc18fb8bfca3d94a80b7d3f4966173c8
SHA512

c604d6a84c2f71fdbd0cf9cb020206e926ce142a0dc04ad4d5cae48b7f6bb06725a37397b648ddbbed7e405dbb3412d36f509e773ddfbc58fa5c66b8bd54dbc6
SSDEEP

12288:iU3pHfb8AUEJMfgMgzlQuN+o8702xYr2OU5MZwScmip1YhmCLl6S:igpj8AUE6fup7+tVxTxdzlqmCR6S

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bcak

Decoy

shizixiudian.com

thetimemerchants.com

rafflere.com

amosiagongbang.com

pikantepikariko.com

nationaltodaytv.com

anjielo.net

atlerz.com

cloudteamthree.com

cafelegume.com

gvniypqiy.icu

xn--schuldenzsurgesetz-ttb.info

jlxrcm.com

flowcraftnetworks.com

viberiokno-online.com

guisese66.com

farmaciaavicena.com

sealedgamescompany.com

eastonwestinc.com

szwmsz.com

Targets

- Target
  
  08d852996cac29ea979d65f029908e1e38cfddca5738b1aad650e8a3eb0b00ca
- Size
  
  781KB
- MD5
  
  9a0af6b629a159d928c7531584a39d36
- SHA1
  
  33edb3f17cc6bb15eab425d0c3361c68ec66fed7
- SHA256
  
  08d852996cac29ea979d65f029908e1e38cfddca5738b1aad650e8a3eb0b00ca
- SHA512
  
  e412eebc87755df3305680a478305e5212315e580742d3bc7bbfddc7278470e59103fb6c2d62fe94bf0980efd955dc3aef2243c2839efad4af9dcde385738b24
- SSDEEP
  
  12288:vFzHHK7zGJ7VCTbRCOb2yFO+ygE5HzMQhhEiMcYLFOXWxj8TVvUpS76VF8F:dzaiITXMHBkkX+4ZASA
Score

10^/10

formbook bcak discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2