formbook

General

Target

JaffaCakes118_b2375324fd8e56728fc6ef7b5ad904e31b570e0f477b6da53e653d1c217226f8
Size

674KB
Sample

241225-s3hq8sxlam
MD5

2e6c64747d64b4e787217433be2ce0b2
SHA1

5b77a552b81ddbc1fc4d079bb20319fd7171b93d
SHA256

b2375324fd8e56728fc6ef7b5ad904e31b570e0f477b6da53e653d1c217226f8
SHA512

de81506ea41f8cfd9f37534c5a5cdea31e74eff18283950c11ad0326164946cec1a503f6bef5d74aa4aea997906fdadc0e0d3e3a5092de8450d618b9fbee9bc1
SSDEEP

12288:sdySQ1iHio9TY2MlGFyYETjOd/XcPwGUS7NsZ3ugYc6UphUO8v3KrCBiJy1jIhen:Ph1A9TxKGUYETj0/XGUSu9uq78CrAiJU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v18s

Decoy

elixirblog.com

foodweightedblanket.com

jillianjenna.com

dappsudhampur.com

pro-mesh.com

xn--wnu.xyz

americaniberians.com

simosimo09.com

abonnementenpause044.info

rentlakehome.com

orbeltheloanofficer.com

kuaileshen.com

ijoslca.com

honorsongs.net

templew.xyz

shmhz.com

airboat-alligator.site

lanearto.com

upscalekitchenbath.com

kumamoto0930.com

Targets

- Target
  
  PO.2072022.xls.exe
- Size
  
  694KB
- MD5
  
  bc93bad913319b8e17505dd550d44467
- SHA1
  
  887d95d807bf45af676f1e827b77dd5c2c5ef9b9
- SHA256
  
  bbb957f9271b7de5007376f0a05fd7669f1dcfe7ab920b1a6851f7690dc5d4fc
- SHA512
  
  18c72dd92fa59469f8e40bc69bc4d932136f77d7e657642763055f6d7d619b63d865d90173f6c350cef9f5c15901fc57224551b55acc0bf0c106d9cc58b2f903
- SSDEEP
  
  12288:1ulhUQKIoqbDYhwsyH4kKpbf8SLn9Qu/ejCuuSZkJafY2Pf1NTqcigP:1uzKIoqbkhwV3Mwo9Qu/eduSKMfY231d
Score

10^/10

formbook v18s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2