formbook

General

Target

JaffaCakes118_56699b2955e3e32ddc6d47902ea502cba20df0537acbbdb03bd3be8ac6eab44d
Size

453KB
Sample

241225-s987rsxlb1
MD5

b32ca182f46aa159080d812895ac6526
SHA1

681668a54f853ecff4ef13d9776e714eca0a2c7f
SHA256

56699b2955e3e32ddc6d47902ea502cba20df0537acbbdb03bd3be8ac6eab44d
SHA512

cd5ce171aaa1750b395391cd1cf43f23e9c35d50e93155742898d1acc90e14e50b472f833415b1b0af129a126d659e611cf36f8bc79f1554020325c39849c24c
SSDEEP

12288:4+1+9WTY7BiGGqqeKARJp8fpb66GQXrMaXbOUTz7Rni:boMoFqxAXp8fw5Q7MW7Rni

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nm8

Decoy

bloominggardening.com

uds261.com

kerrnightsky.com

1010cookstreet.net

futuremediaisnow.net

ordersinfoinq.com

bitcoinautomatictrade.com

thedreamsfreshet.com

jukjam.com

aerialc.com

strategiclearning.group

spitfind.guru

healthyteamhealthybusiness.com

willow-and-hill.com

gracioustouchintl.com

alwaysontimerecruiting.com

kufars.info

tennesseepaymentrelief.net

lojaim.com

sinantiseme.com

Targets

- Target
  
  Your parcel has arrived urgent pick up needed today.bin
- Size
  
  790KB
- MD5
  
  5dbc327a87495d4ec096dff7df906f68
- SHA1
  
  521885924b945ada9f71766129dbf29b32a0d9fe
- SHA256
  
  b5236355c56c9f54eac0f8ace1dcaf129165e17b63d42e038500417c806103d9
- SHA512
  
  660a29913166a7b4b83fd45fb1060c680f3f74dd79c1fedc06b6908e6ea66484ba2beb0d6d3097643a96f937819942a34b8b9e517aad0cf57984c30dedbb77f0
- SSDEEP
  
  12288:6cFUncJ54irus265GoqlDX1YH0COI+w7Ror6PpGg+l2K3RYUOq/yJlweqz3xxqHs:OnYnuRcBIoGblBhj8lxqzdpD3bE9
Score

10^/10

formbook nm8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2