formbook

General

Target

JaffaCakes118_96db10359bb6873fa460c8c59acbb033c00814d1130da12cf655b21be994ce6e
Size

288KB
Sample

241225-fy2bkayqfm
MD5

e3bbaa1c562eb16e287c504721db2c06
SHA1

9c6fd596a4118ef8b8aaa196cc8ba8f564414f6a
SHA256

96db10359bb6873fa460c8c59acbb033c00814d1130da12cf655b21be994ce6e
SHA512

606008d8b586f70c9cae970b17b44aaa403ba9763b6d2d14137c3d99f85d0ce7af78c72ec922970a4dd01b0f79c5b887ee205f7d2886c3364482858b89df3b1a
SSDEEP

6144:0wU3St8pPgRgqdI7yuzR7d+3Ymgzlq6mlInkYgzspUi:0wiSt8eRVI7yURBV5hX0Ink09

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b62n

Decoy

omegalicious1.info

yingguang.online

outdoorbeckley.com

ws-modeiraramix.site

kellymikelfordelegate.info

kaakg.com

lasoigdreasu.xyz

leisurenites.com

freerobloxhairroblox.com

samefhope.xyz

metacareprogram.com

futmagic.cat

lianshilongfuwu.com

qqxx88.com

lifesessentialz.com

wonderaisuite.com

joyorusa.com

gjlservicesok.com

padrestranquilos.com

supriforte.com

Targets

- Target
  
  SURRENDERED BL-LL2517277SIN14_PDF.exe
- Size
  
  301KB
- MD5
  
  cb55b1c8b112717e074a933736d752ad
- SHA1
  
  7cd50bef2260873a9132fec9fd0b5a74917c78ae
- SHA256
  
  f67e87585159ebb0d655eb17852a6c506e238d10091f3e7c9c3952e1d7c5df43
- SHA512
  
  ad381a9898849b644efb4469563e8e295b3f87fe98c1f57c8395696c161aa915b129a8ff1c4136f3be00286470a23f4b492a5a5e488fa739d2d3c850865463e9
- SSDEEP
  
  3072:rS17XJiDxmJJtX+WI+uO2u6TszZsyCAe1lw6na8xm/gDO3std4h9v4/0nrgoaKM8:rGiO+p+uOx6TKsTFaWM97xxAlKUPYH
Score

10^/10

formbook b62n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jrtnw.dll
- Size
  
  119KB
- MD5
  
  053e283c36f91d1f1537e5e156da3853
- SHA1
  
  502bd093ad89b93398d0ba046cd0f10f4be37069
- SHA256
  
  dd06f297b9966525c5b73e7bb63db9f02e3c9e7eab89c2980a292f35a7afeaf7
- SHA512
  
  27731297ce8ce34360b7aa19cfa3526453794b7475875f4312ed9289309e77e16ff48428a793359986662130c0c6dca33e174cc6c74c075666369b4b5f963513
- SSDEEP
  
  1536:L6Qe5/VlX7GSkbMFOZKY9uphgUARVGggsu00zyMAC9rupUZrXiKoyc50IDLmUleB:ALusOkY9uHUR8gurT9RrSCIXRlCiwJ
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4