formbook

General

Target

JaffaCakes118_4ff42ff73c27136fbf3ff918b0beae0b7e461c6762a3b8e96e1d6826ef2643c4
Size

239KB
Sample

241225-q7q73avlal
MD5

9a0cd39e663e14573965f5c5dd637f23
SHA1

374e6619b3500cd0d8de7115b5dccfdf1207383c
SHA256

4ff42ff73c27136fbf3ff918b0beae0b7e461c6762a3b8e96e1d6826ef2643c4
SHA512

ca3a9f03122aaeed95ec1be118e9530f37aa3ad083456c75944e1a6c43029fb19fc25d191d9203da91f43df6578d9c4453f9a7da8db576b9620f111ed506f6bc
SSDEEP

6144:A6Ag7RAnlP8TPPlEjJkXs0ibiNktCKOOYeeZ6YG1ctvhgX:A6B7Ro+1ZHWsKTTYG2hhgX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f1d4

Decoy

kuikstore.com

nr6377.online

finedesigncarpentry.info

weddingsnorthvalley.com

jana-philipp.com

kaiyuancement.com

lucidfear.com

workwithaika.online

webuyyourhome-4cash.com

katiskey.com

twice-tourmerchandise.com

jbmm.net

koper.xyz

entrustedcareers.com

redphoenixvallc.com

fiustore.com

dingsec.xyz

997528.com

carlosmarketer.store

tjhiftstores.com

Targets

- Target
  
  PO#1120098.exe
- Size
  
  404KB
- MD5
  
  87d4ee2c81b5fae355cad8d154907d7b
- SHA1
  
  cb8fc5cfdf9b5f9202360f51f9cd1663177bb719
- SHA256
  
  3fe13e6186755a24b331072e722fd65a60f1c40dea337e4f4e53640f083d26b3
- SHA512
  
  9c43ec32b1dbb877eb8e51e0a6ab6135e9500d17c17bdaabc3390e0eb6218f66728d6ca40775252f38cedaad3f3555ec0b55afe328dbdf481e2a2d836ece338b
- SSDEEP
  
  6144:yGiNSjUEBnA+hiVs8786nkn9eyOZxcyd5jJLMLtO1b3wvG:z1Al17899Gxc+pJLJ
Score

10^/10

formbook f1d4 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xyqsqa.exe
- Size
  
  4KB
- MD5
  
  21703a2b69551aa3ce5465ae96181491
- SHA1
  
  6cb32673f3bf2eac1e9d6f7f21465d9b598b05ec
- SHA256
  
  094e08dcd36e68eff615e0e1aa4aa9d0525d5200b212af4ff89ff3b0c5dafdd4
- SHA512
  
  edece5ae3dad4d37192bae6d6bec301ce1e7faef181a93218a193ecd3e2e2c89fe2103ff4bd3f8a4f4b0c677b39db36d91586e981fb75826a5558d98f15cfc2e
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4