formbook

General

Target

JaffaCakes118_9bd77f7b578698fa37d7fa9a75fc701b092f2055cab152d5d35fc13d62f34d45
Size

993KB
Sample

241225-t8yv3synct
MD5

9a3d6d2b1bd6ada33e4a0fdbabc90114
SHA1

a1d9bfc94bf250867f71bc94468f12cfbffe283c
SHA256

9bd77f7b578698fa37d7fa9a75fc701b092f2055cab152d5d35fc13d62f34d45
SHA512

e6f2cde47f10c9d98a199c3a146bdb3cd38b61f3e8625073fc270cf7c0278a46b95e31dda664169200c3d2c8f1bb55aef217554cc8709447652af78c3d4c1300
SSDEEP

24576:ey+6Pl0vEf/atjBTzKUXEiqcehXCWDrsQ8KYF:kC5fitdzKUXBqJCWDJ8tF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

k0d

Decoy

actanoverba.com

karenmckaylegal.com

magiatelier.link

asseto.co.uk

511227.com

friedharf.net

awesomebtc.com

cooperativatci.com

7r62wq4m2c.com

vetswhogetmarketing.com

supramvp.com

reusablecanninglids.net

skygouwu.com

51shengyuan.com

selekamenorezac.com

yt7876.com

haapaniemivalley.com

smlc8.com

transitium.com

dunkflre.com

Targets

- Target
  
  c8cab884daba148b1c8cd717f20b90cf4a2ca3c3c9f476b2da13e1be9272ba57
- Size
  
  1.4MB
- MD5
  
  9d2f586afb6c4b2e82e049702948b928
- SHA1
  
  38e04f9da21e7c671d2183dc3013dcddddd9aa18
- SHA256
  
  c8cab884daba148b1c8cd717f20b90cf4a2ca3c3c9f476b2da13e1be9272ba57
- SHA512
  
  8436c64227573862934c3008129dcf09168e43604dde72d2547c63e6a501db8a9834a0170c7855a4044392ed6c4d44cb858a25514342239b7cc376ede0503a0e
- SSDEEP
  
  24576:wu6J33O0c+JY5UZ+XC0kGso6FazbJQxGpVs5ia/5qX9cUtFl4u4KYM2WY:6u0c++OCvkGs9FazbJ6r5ia/5Q99FyfP
Score

10^/10

formbook k0d discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2