formbook

General

Target

JaffaCakes118_01fa11bf9cf821372575e12496a281db3c0edd99043f5a30351f218380028c79
Size

244KB
Sample

241225-fahvbayjft
MD5

13ef41be04f9d8355776f7dbd8459b96
SHA1

271fc692ef2c75c487aa91414db79c6013a77015
SHA256

01fa11bf9cf821372575e12496a281db3c0edd99043f5a30351f218380028c79
SHA512

b81ab90b527cb331c685443ea5362e2adcac9f5c67d9def373cc3f4bd343265b611edf4fbc13124d4554853744b68ce939d9981a6cde6811dc3547d81e920d46
SSDEEP

6144:7Fw7+fE0EqNuvJrQD2L5PcmsShiYSNKE+mposgxvVNiR+mSr:5rfdVNuvJ0KKUhif7+misgRVcdG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

ow9vyvfee.com

alvis.one

mutantgobz.claims

plynofon.com

southofkingst.store

nuvidamedspa.com

coffeeforyou56.com

opaletechevents.com

momobar.life

abcmousu.com

learnicd-11.com

tipokin.xyz

kahvezevki.com

suratdimond.com

oldartists.best

infoepic.info

mattresslabo.com

skarlmotors.com

cl9319x.xyz

med49app.net

Targets

- Target
  
  igfx.bin
- Size
  
  411KB
- MD5
  
  58af2905bb3afbf26a18d4dbff6af451
- SHA1
  
  15b21c2753b658b90ae652d82dd2123daf5af305
- SHA256
  
  c23c53452c3180e79ca639a79a2dc1ea8e3d8fbf4833e02e4ac02959dcfce486
- SHA512
  
  1f2a73881b9950d2f2ce6ee57c75782fc30335a402c1d555fcd97082f7e43dc6d14fc584f5deb156d99421b036227748adecc9e42671e2baea382b68adcc9e79
- SSDEEP
  
  6144:rweEDPVVGng08cErJGSovljhvXoFDkBTeI2+LJdSdMh4:o2tlgGxjhvqD43dSdi4
Score

10^/10

formbook wh23 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  iwszswbfva.exe
- Size
  
  7KB
- MD5
  
  256173eb182e2853cbfa0590dfb0cb3a
- SHA1
  
  c8eadb0d069644a491368497e91d737e4dc41754
- SHA256
  
  15b35b8bd2d2e94f656e77a105e3ef99946b02c41d773d118ab0c64db578eb5d
- SHA512
  
  22e88b1ed25e5f8391497255a8bdc7ea1aef876f3f3c9547e334436d8f250c8cc5c45c344b79c7009d15c9556235086190bc2a3bfb637cd3eaa67824cea78af2
- SSDEEP
  
  96:B5AgpWlt+6vtR/c8CGzNyR5dj+5qB+STbjCXv+:wgUlXrCGud65nSfjCXv+
Score

10^/10

formbook wh23 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4