formbook

General

Target

JaffaCakes118_8db1d8b3a8eb2032f2ee904c2cfb19f81bdf51f35f1aa479b1499a22f33ccb9a
Size

228KB
Sample

241225-h4nc1a1lhp
MD5

c67fa9efa0f190847bc42de125d8bebb
SHA1

674448ed126b7f7e9c3670edb283a68b766365b8
SHA256

8db1d8b3a8eb2032f2ee904c2cfb19f81bdf51f35f1aa479b1499a22f33ccb9a
SHA512

dd244a285d0b5362d50d8ac34a848ac8e0090fac50d5b101ffae5cd3f11ea4b4c1cc2a7dd5a0cac7aaeed5039a8c563a2f92a4f0b5deba691c2eb94ec60d9462
SSDEEP

6144:8p8MsSL8vO5+eNkvfIfZM9yPS/2pwek/wdNvJsX5JtZ:Irsg8v8MdA+mRGX5V

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r1e3

Decoy

floorwaves.com

leshigou.top

2y3jq.com

karobazaar.com

cookdd9.com

xn--9kqu10bhqv.top

hollieforson.com

peachso.com

gerberry.info

abslikepro.com

lesourire-official.com

dfhgxi.icu

lightofcg.com

hismozart.com

nieuwemaniervanleven.com

trimble-gs-112-cable-reel.com

putacandleinit.com

gopenly.xyz

northcountyneuropsychology.com

thekittyherbalist.com

Targets

- Target
  
  f709663edaef8f4578cca9fa6de27c39e7748350c4d737182380a041c51dba2e
- Size
  
  241KB
- MD5
  
  f93308a9428065a3ff3d75c40d64de09
- SHA1
  
  d4d42dea5dd2047d5df137c2e5fcb9aed7c58218
- SHA256
  
  f709663edaef8f4578cca9fa6de27c39e7748350c4d737182380a041c51dba2e
- SHA512
  
  dc38a57fd1dffdf72ee2b5a90006790e7a55f6bca22c08215eb007e582513964dcedbaa8fe3a5676a2cf5d708a429b1bbdd0c00c636cbf27d52e9cccde2890c2
- SSDEEP
  
  6144:HNeZmxExGrK6smi9FnGg4gZ6+TzLg0tWtowfvlAv4+OIVR:HNlxEGrVHkGgXkSzLz+owFAvCq
Score

10^/10

formbook r1e3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  gvwpfsvx.exe
- Size
  
  5KB
- MD5
  
  7736fb3049e387bf3b1c1a45dab8b94a
- SHA1
  
  d6d7bb9087a9900c824fea643e6e84aed3a62cff
- SHA256
  
  a53f89fbe86157a1979d0db0748e39d4785666668bb6372156c8724492112ca5
- SHA512
  
  5c022f1ada7c8f75f123789a7dae6ae12329641e7cbc7884f1967aa600b89daf2e37eeaef9e0af33c75dd33f424525211de061b6764892b59e7cd5528f91a570
- SSDEEP
  
  48:vpgyulOtjX6eA4l/XxT0IG0fkXudnPPMjs7nmQgnmQE++6wDZ6iOFfGqyYmR:BIOtz6eA4l/XKM+o4s++6wDZ6BJ5yVR
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4