formbook

General

Target

JaffaCakes118_f69821010916c746e5e371fcd011dda072fdfc09ac964e9db9506a97cec1fe3e
Size

236KB
Sample

241225-g8tvxazqbr
MD5

b593262d2babfb3265de37272c0048aa
SHA1

50e60ed8b6d3ba661d2ce8518316ca7b737d9cbd
SHA256

f69821010916c746e5e371fcd011dda072fdfc09ac964e9db9506a97cec1fe3e
SHA512

8794e400c95a6d913d88c5ceae239570f19a738c4104c582f2041ec355253f79470f014925669104df92c72a067f3283659e3824108fb8fc31780fa661961561
SSDEEP

6144:PU5yfmYPcNV/bdPIn6nGTGaU3rt9RXo4F+nkX2GuaBegbygSv:qyfmYEjDpInABaKRY4FfgSfbMv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

- Target
  
  inv300123.pdf.exe
- Size
  
  249KB
- MD5
  
  c1d715af9940a5e70e1ab58fecc18dba
- SHA1
  
  a223f8c86b1748e3f7bccccd13c864507505e09c
- SHA256
  
  3b49db8324bc576c3d9e31d4bd1c27af48f3ec36652b95991a3b4803c6a48ad8
- SHA512
  
  99fef3200ab3cf200a4d23ed95edbbc7005b856b599a2b832bedf9cb16ffc62dc6f5bc6c073a95e3f473b055621e4e022801c72ff4c0ab818253fdba59cafd53
- SSDEEP
  
  6144:wBlL/c/QkZXt5dYUpKdCASZEJsfgnv1KhsiGcO3:CezZJ7pDhZEJggnNceH3
Score

10^/10

formbook s3dy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nqdipsrotb.dll
- Size
  
  31KB
- MD5
  
  8ab953e111816f48fd4aab119809af53
- SHA1
  
  5ad3c9b13395ea5912bbff13746171a387f43979
- SHA256
  
  cb989078f012a4f8f8fe2b0ee20790a792dc6f1968cb0bba55f654ffb3346c20
- SHA512
  
  75b37e5fcc1994686eb91316ef45ec46e9ada54cbe985e9671c8e0d09a153ddb6bbfd2881dc278c6b351c6a022d1db6c33b6b7a7ce73b0eb4af5a84ca2e7e421
- SSDEEP
  
  768:NwnNXmYszi/iiIQSE1J982EvVaM+eDdeQTl:HzHLQSA382EvVHOQ
Score

10^/10

formbook s3dy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4