formbook

General

Target

JaffaCakes118_2d928213977deceee1804db66dd7051e351097f71aa3dd2906cf3abdf1e9f621
Size

675KB
Sample

241225-p3cnfatkax
MD5

47ec25a97ec2608259528d2756e08a70
SHA1

2bac33d3e4c04b2c2550dabaf27dad5d30fc070c
SHA256

2d928213977deceee1804db66dd7051e351097f71aa3dd2906cf3abdf1e9f621
SHA512

dcf83e97d5266f356cb73914482750ffdaa7e620c761c40c37e3f5feca17013b4515a1e39628c8a75336c6567338eccac80dc1f2eaf245ef7d87cb4165492ff7
SSDEEP

12288:eYvOplM3zpytCwbqvDMiULs7S6F1X51x+JZG04DYu3b7CKF81c/YKEvJFu1Yh:eWUyotCwaVU0F3SJX4DX3b+Q81cQKEvJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

crdi

Decoy

propertyjumpstartwebinar.com

boc-vip.club

polestarnyc.com

travelonlinebiz.com

bukovynaent.com

bestfashoin.com

miniindiastore.com

wehatebillgates.com

holmescountyjusticecourt.com

colectivorenovemosjuntos.com

houstowarehouse.com

aocsw.com

sml-uniform.com

bandanasaint.com

petposhdeluxe.com

ezcscpawq.com

ladiesoption.club

refixu.com

selfwrrrth.com

rovietry.com

Targets

- Target
  
  Way-bill doc. 00095760037503375000.exe
- Size
  
  993KB
- MD5
  
  28065df84df23230d9eabcd0a299fd62
- SHA1
  
  1a11b46fe50ca9509328914932f7c8f2fa58a387
- SHA256
  
  76ad60aecfad584010ccd54bceb275369376d7587ac24c2cc41fd63c20220a36
- SHA512
  
  c77166a3559a8638e322f1ba2192cb05b8cdf05ff689c728b556a984b47e53607caea3fec925bdeb428ee49bf9ae5cb4892cc68b52868029602f0206c3fecfe2
- SSDEEP
  
  12288:8q4FEF1rCGWQz4TboG9f9Oz144qkUEMiUmrf+NGiuNOMRfUpKXq6ZRvu9xojfOd2:J1dkTbooa1FqkUEAJYoMfXq6fwk+E
Score

10^/10

formbook crdi discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2