formbook

General

Target

JaffaCakes118_fc4f0b453831ce61ce9b085d937469756ea43c5374f688bcc9e64c2fa7d6ecd7
Size

321KB
Sample

241225-hl31qszqf1
MD5

b883542555246e44c38284d858dd8536
SHA1

5a03499aa0ebb9c8aa6ff38262f9c53eabb3e632
SHA256

fc4f0b453831ce61ce9b085d937469756ea43c5374f688bcc9e64c2fa7d6ecd7
SHA512

26e3e39f36e3c0d3b07ed2a74062073b3883cdfb4af83e7722e3008248091bd1097e35eb77e1db7118d768f5c9d41507ca12309cdef77176d28c0ee31d8bbad7
SSDEEP

6144:t+EQr58EcLke3D+YmGPkXTvihawaLicqEUEoiyGiwh7doItxb11Fq:t+EQr58LJD+YmYPaLtUp0iC7doIr11Q

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r1e3

Decoy

floorwaves.com

leshigou.top

2y3jq.com

karobazaar.com

cookdd9.com

xn--9kqu10bhqv.top

hollieforson.com

peachso.com

gerberry.info

abslikepro.com

lesourire-official.com

dfhgxi.icu

lightofcg.com

hismozart.com

nieuwemaniervanleven.com

trimble-gs-112-cable-reel.com

putacandleinit.com

gopenly.xyz

northcountyneuropsychology.com

thekittyherbalist.com

Targets

- Target
  
  rock455321.exe
- Size
  
  333KB
- MD5
  
  8684d70db70df0b6b307ea7d7cdaf7db
- SHA1
  
  6bf38ec565189fd303275b7bc3c4770396c29f29
- SHA256
  
  0479e653d2603f09b71afd0f2a7388c3af722643a49ac94541116dd6add60b2c
- SHA512
  
  8bf5649fdf5ee3623f66a4cd46a001e07f77ef4e2b4232159cadf3d8c63e0bdec216c62219597b909f07d357d75bd994147c212f365389169a077b955550203a
- SSDEEP
  
  6144:TxDb5vv/1m3QxOve1lmR4BEfrv2SoFJli1S1tXiplUXP0a9:03OO+YRYETv2SsDvvSpmx9
Score

10^/10

formbook r1e3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  wiwve.exe
- Size
  
  222KB
- MD5
  
  c8da642b7d1d6af209da1815cfabb8ef
- SHA1
  
  abf77fa46cd99db90601f2b1b9d351bca76d1fcb
- SHA256
  
  5d1e158dc8e0168cdf718ca396a9cf158da04155266190fdc461db3b4ff91daf
- SHA512
  
  5d6cafb172568f2542f4c09bffc1608245436a5a7698131c37c9ae8175477709390516197e6302cb036cf39a0d7c456e1236604581b4e468bcf06e90ceff8a97
- SSDEEP
  
  3072:n2mJamjK63BsvtPN668Okm8Q1vwVgTAHO2mR8pp7uVoFtkbCPK:nU63BsvtPcBMvhUnmR8pM
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4