formbook | da742afc42369db1320628ca59e4f30184b456dee53c32b1b18b6b76104a4405 | Triage

Sharing

General

Target

JaffaCakes118_da742afc42369db1320628ca59e4f30184b456dee53c32b1b18b6b76104a4405
Size

332KB
Sample

241225-pthhbstjcm
MD5

df1853bc557a40333123e1dcecc048d8
SHA1

a808dcfb0b7cd7e1e7ed7d4256f3d4ab66bf3e27
SHA256

da742afc42369db1320628ca59e4f30184b456dee53c32b1b18b6b76104a4405
SHA512

6a177e985567a1862616527fd818543326cd7371da9709971c77504d9e9f3cdd0ffe253fd51d8772b778ff03ff0a045716e5e3d56e43f33c5ccf71b3415322d6
SSDEEP

6144:05IlGDGKpU2OHW2tbaVl/iDIwXMraru0B0SsudvrezImb9l+:05IsU24jyl/DglKoiuvrezI6C

Score

10^/10

formbook cl8k discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl8k

Decoy

georgiaprfirm.com

rhinosafeinc.com

gandgpublishing.com

angelyangelarquitectos.com

formation-gallery.com

orangecountyipadrepair.com

aplearn.info

freshlucky.com

wrapfestival.com

zerosarentals.com

ff7a9vlt7.xyz

teachbing.com

mukos.xyz

baojianma.com

dermalaf.com

hannahandpatrick2022.com

yesilnoktam.xyz

theroyalhotels-kw.com

reisebazaar.online

senergypallet.com

Targets

- Target
  
  invoice Ceylan 49.600€.exe
- Size
  
  352KB
- MD5
  
  74f87a533471eaa7719df1d9b0593c2a
- SHA1
  
  77a20802e1e2db283ddf605a818372a72b0d8e26
- SHA256
  
  851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b
- SHA512
  
  a65587fa689531ff0d9da0c24ed9fb01adc986353491b6cb65773c66c7d5bf3773f8ae7c87ca4e2485da442c815722cdf5633e425693a8ace5f888744c868438
- SSDEEP
  
  6144:uHKk9IMkhBBLK5F//cVXX2fbi5PQAWH8m11H1OiBSb5iUmkyvYbMNXTUEAp4Ds:uqsSBe3aW+oAb4bHqkTk4YQdUEA
Score

10^/10

formbook cl8k discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookcl8kdiscoveryratspywarestealertrojan

behavioral2

formbookcl8kdiscoveryratspywarestealertrojan