formbook

General

Target

JaffaCakes118_c8f44a51b2f9300fbd1ef1638cf2ecea268d46b9ab03500b02ebcc86d95b1158
Size

495KB
Sample

241225-fw8mvsyqcm
MD5

f636ede3ebe6951df2c3d37ae6ed925d
SHA1

6b728bae6980ea4be36898918cf03c97179590bf
SHA256

c8f44a51b2f9300fbd1ef1638cf2ecea268d46b9ab03500b02ebcc86d95b1158
SHA512

39c121fecd56788fead8847bb94957dcebb7e175c615b2d9fcd25ddb341feff6b1be25dc3f37cecf6745fb189fd1b5676f66ebcecfd35842a8cb1a514ec854d3
SSDEEP

12288:5cnVE5sNI8lGHMOCIybCpNwZ2FLWdE+PGD0S7:mnm5svE9CbbCpMcLaPyt7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

- Target
  
  PRODUCT LIST.exe
- Size
  
  592KB
- MD5
  
  d403ceb699085cfd12ada96aa419a37b
- SHA1
  
  8c9831b837374d718e24d35ec7e93f642a2b74ba
- SHA256
  
  ac021bbe155b54ac93bd5ca40b6ca6130174d6d192c6fd2011e9677d56c09f4d
- SHA512
  
  7c549efb3103fde42fe6cd46d6126846aa24afd29856bd59fcb5d66a0ae3854fc7d52902ddb8e7effac86929aa081c26a82e0b4ee1ce9c617919a5e774a10d68
- SSDEEP
  
  12288:9NkLt1ac75ZalBvZ6sOEBb0OAZcELFacWHi+MnMVuL0477oaXnz61QIb:0tkCalCsOw0OACELwTC+TY0gz
Score

10^/10

formbook r4gk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2