formbook

General

Target

JaffaCakes118_85cfb27c1f41ca28327555ee08e6bb6c526b74e70ce9bea10c5cec323a803087
Size

743KB
Sample

241225-gfcqxsyrcs
MD5

8948e3313062add867f9ac8d29c54ffa
SHA1

6977ec1c988cce6000ca287a3c77a8164ca04cd3
SHA256

85cfb27c1f41ca28327555ee08e6bb6c526b74e70ce9bea10c5cec323a803087
SHA512

4abf2585e66e3985d40662db97db315e00a3d30c0aea4090e7102411aa3b454938fe35471705fbdf6d9cb4e7d9bd73ff9ce09438b95ba4227c320cf77fa4c3a8
SSDEEP

12288:bMNm9oBHll4GnCQ5BZCoys38bgmhwLOFpQaaiom+aRriIzWX9Uop/2:amOLl4GCQjS1HFpNo6IIzOuC/2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bkbk

Decoy

myzshouse.com

elimabd.com

iandiphoto.com

k9yhf.com

lalaandthelight.com

spearteam6.com

tdv29mayiskoleji.net

senthamizholi.com

toprooferelpaso.com

homegraphicdesign.com

formas-de-ganar-dinero.online

psgvsfreelive.com

xclusivedispatch.com

qdhizwlti.icu

hananomi24.com

seikobaby.com

cursosinemlinea.com

vintage-transport.com

billings-identify.com

simplepartyplanning.com

Targets

- Target
  
  LIST.KGR.exe
- Size
  
  1006KB
- MD5
  
  00d7d51c1413e31915bc88c2446fabbb
- SHA1
  
  1275c5ab9d88eddbd81b551e41a5adf6b37bc91b
- SHA256
  
  066f116d202e07ae5e071401ab6333a546610277142b1d594d93aec47ba062c0
- SHA512
  
  7a0cbd6d1268db28fa4a841e0979d1f81ea0a8cd7dd2faa73d6f4c4e792b264e11ea4e8d515a1e1da3ebcff2edcc2f102c5d485da6a55fc196a252c55fc7f70b
- SSDEEP
  
  12288:cooFTORNvmBwwKovHK7zre0dRl00yqPc7g8heByFfKaaMomSa3riI5WX9lkOEX:+NE20vyJ7FfXoQOI5OMOEX
Score

10^/10

formbook bkbk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2