formbook

General

Target

JaffaCakes118_357e9ea5906e0c6b05afb5d10a644198906d1b1f79f7692e0098b942148d3f74
Size

380KB
Sample

241225-rec1eavkhs
MD5

ef2c772f95b0970b250555308bf8faaf
SHA1

9aa6b1ef1f810a0e3b3cd5f428865bcfc2f4a110
SHA256

357e9ea5906e0c6b05afb5d10a644198906d1b1f79f7692e0098b942148d3f74
SHA512

8f0d1866d9ee1c051146995c73acae35d79a07fb99d4d84c28f50f15b86da4999f652c2a22422988c7ef69170316a405c70d145491eb62b9298a98676ce0d1fe
SSDEEP

6144:vnrxYXkdgLsBrSB+6fhSjayoZ3f7TVaqT298A3/otCjZ5ZYKO7eIiOIcx8HEq+1R:PSUKs9i+6Q0vaqTI8A3QtCDZK1i4xhqC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p6ai

Decoy

ocfoundation.info

fullhouse01.com

a-great-lexus-rx.fyi

googlepayperclick.com

coachmyragolden.com

luxclothing.club

medicationbuddy.com

miraclepawsfoundation.com

datingforcez.online

wasteharvester.com

solslides.com

hotel-ritterhof.com

tianjinsf.com

receiveyourcashnow.com

the-vma.com

godrejroyalewoodsbangalore.com

erickrokanphotography.com

vasinvestments.com

janlago.com

2nocent.com

Targets

- Target
  
  win67.bin
- Size
  
  633KB
- MD5
  
  c004bd5347a132521537d834be0b923f
- SHA1
  
  c84b199a3d70ac370000e7fd6d31009fba721493
- SHA256
  
  01e0b09f23635c1fe73b80cec3323677fe5bc6ce9ce58da9a12aa3e14936018a
- SHA512
  
  391c504d9c9509aa0eeb241d22cda071b226e9dba9107c481e345aae8c64dca3a6c6afc5620f7e960442e34ff96b8aa5ffdea65fae218f7f1858fe7f406e8f54
- SSDEEP
  
  12288:+g8tD+p1h79i/DdVedE5fJD7uwk6vP+ZWXwcAanrMXlXmZNXNSOO5:+gwVDdcE5fJV+ZuwFanYXlh/
Score

10^/10

formbook p6ai discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2