formbook

General

Target

JaffaCakes118_89b683855a2ab91c7224978cd42a844a864585d288bfe9620084c632192ba890
Size

673KB
Sample

241225-fm8aqsylfw
MD5

50e60490cbf187d011a249bddc3f63b4
SHA1

ffb23a4e7cfe7cbd6133b7ed1f83d434339add86
SHA256

89b683855a2ab91c7224978cd42a844a864585d288bfe9620084c632192ba890
SHA512

553ca89ef81a97dedbf8561df3df4ce454f8b8e1536b2251d7b0d0dd840baa4079db61050fab4fb63fe72658e1b2b0afc18c26d551e4f54002edee2fdeec7093
SSDEEP

12288:3LtFDK7KOxVud9NJOH+mzitD8LGgy2f2fZAaprZye8eFTInxD3D6i:3L7DK7KOvoUem/Tf2fearZbmV3f

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sdk

Decoy

mosquitobandidos.com

yisecurityfirst.com

faip777.icu

nc-tv.com

tifeeds.com

techlez.com

newalbanyironworks.com

shadent.store

therealworldtravel.com

cryptocoinminingpro.com

lobard.com

iamforexbots.com

cottnon.com

dandaanyar.com

browtopia.space

mo-diamond-mining.com

inteholistichealth.clinic

bhargavmistry.com

justgraceboutique.com

africanwomenabroad.com

Targets

- Target
  
  PO_82_4000002414_XLS.bin
- Size
  
  805KB
- MD5
  
  85d7d1da8b13db9c318edb8e0ef6edcd
- SHA1
  
  d896eed6ed2dffaf9f7253b1642787b92e67f704
- SHA256
  
  765c1e7486aedffd7021ae5f15c86e549c7b796a5025249781f9c8a6327f4037
- SHA512
  
  eb82f6bf67635506b5fbcf4ea3b6e409152a54db8ba8d71c6272f88dcf16634c7cd75baaf68180c56a78209e9776a129f71d94a864c6a237663460933c05da52
- SSDEEP
  
  12288:vAOLPQXFuSL3DuSOYrPkjrV9jqd98+OXwUWT8oogIi1S01T:xLIXFukuSOfrqdLOyDj1R
Score

10^/10

formbook sdk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2