formbook

General

Target

JaffaCakes118_945d891d269bce2d71dec2d80a362bb8864a706490ba5e1d7c2dbfe1edc155b7
Size

1.2MB
Sample

241225-fb13aaylgm
MD5

ecc10861339ee466fcb7f4cddeabe828
SHA1

49ff9ee273b95c493ba9b9a8959144e8b83d6e32
SHA256

945d891d269bce2d71dec2d80a362bb8864a706490ba5e1d7c2dbfe1edc155b7
SHA512

4e5bbb1ce4c9e03f7681105960b03ba881aad9c665434b2214d5b800769da5f62fa9baa745472bae7467262ee4912622568d5dd0f9e9c1874c72b911888c0822
SSDEEP

12288:+8qAaehX93VjqTuaxT7HVVOdsxaO6RScOHj:1HaehX93VjOuaj4d0aO6POHj

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s16r

Decoy

kellieroysellsnc.com

valleylowvoltage.com

mltuo900.xyz

visitingpuntacana.com

weiwushi.com

austintechjob.com

rxstarcbd.com

shopstudioesi.com

filetto-server.xyz

relianceltdbnk.com

unethical.world

yedd.store

esthershhs.com

magaddis.com

scenicdrivetours.com

123gest.com

2020mortagelifeinsurance.com

faceinle.com

integritymarking.com

alfatoto.xyz

Targets

- Target
  
  NEW FOB ORDER.scr
- Size
  
  564KB
- MD5
  
  1b368429bb54aa475c67fc2e45380c3f
- SHA1
  
  ef6e114cd73b2ad5af2da580ff37ec65a789969a
- SHA256
  
  e6d85a6287cb583fc5dec0b47a3288d9d0bed8e103991797b14a0e16ab41a9b4
- SHA512
  
  acb661727bf128ba818740cfbfb7fc5705d96ccabd7e736c828d15471d4161f1c9bc729684d0e358728502fc2e227e3ac69bed85e583e549cd10f48f41d00d57
- SSDEEP
  
  12288:x8qAaehX93VjqTuaxT7HVVOdsxaO6RScOHj:uHaehX93VjOuaj4d0aO6POHj
Score

10^/10

formbook s16r discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2