formbook

General

Target

JaffaCakes118_a7c0092408ab742419d34f63941fa88c1513d8f92deb8e8f6ad54b052186f77e
Size

711KB
Sample

241225-hbyy2azngz
MD5

b856ff1bf3499d814569ec406ef6dbb2
SHA1

8324a0591a70dd3f1d7f1b10b7df5bd186679589
SHA256

a7c0092408ab742419d34f63941fa88c1513d8f92deb8e8f6ad54b052186f77e
SHA512

805ee8f481c899ee6c7ed494c406bc020d759259b8500aa5dd6f3446fea643c095579fbaacdbeeae0693f16f393c383f9c3096825efff8538cb6bd821cee5a2b
SSDEEP

12288:w06QI+bIHyDE/LMKHyvryZd/54A6xK5+YIg9GfAg10LmSgDhXG80VHe8GU+1ihwt:n6QiHNXyvWZcvhJQGfNSmS3DV+8GUGqq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mxwf

Decoy

orders-cialis.info

auctionorbuy.com

meanmugsamore.com

yachtcrewmark.com

sacredkashilifestudio.net

themintyard.com

bragafoods.com

sierp.com

hausofdeme.com

anthonyjames915.com

bajardepesoencasa.com

marciaroyal.com

earringlifter.com

dsdjfhd9ddksa1as.info

bmzproekt.com

employmentbc.com

ptsdtreatment.space

vrchance.com

cnrongding.com

welovelit.com

Targets

- Target
  
  0ea81e325568a6d5c8ecde8ce0198dabe9553e237ef46b328240d7f51231d3bb
- Size
  
  831KB
- MD5
  
  790939840cb426b9f163776c2c478966
- SHA1
  
  d0ec41b2b85db2a4e874c14a16466f827e170027
- SHA256
  
  0ea81e325568a6d5c8ecde8ce0198dabe9553e237ef46b328240d7f51231d3bb
- SHA512
  
  3f6bed2d6e2e749282ea3e614efda00c82946e5c7954b2e36c1278d590019cbecd04ff4edb6131bee4046f57424cdc8a3c50f5ca7df1160a1472e907af2c25bc
- SSDEEP
  
  24576:8dnaNnWfVembCSq9dnxWlh73bwwI+hYnl7daP6a:AaN4VewM2b
Score

10^/10

formbook mxwf discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2