formbook

General

Target

JaffaCakes118_fc7b547fc09ece8b98af7548a32cdf9e271e0814f9428c5e09694b2604643291
Size

713KB
Sample

241225-tzt6jaymgl
MD5

e6222e4ca41930af774d30052ac8c4ca
SHA1

cd7028a8c9f1b847a46ce4f87e6ed0eecc637352
SHA256

fc7b547fc09ece8b98af7548a32cdf9e271e0814f9428c5e09694b2604643291
SHA512

19c7e6f9754e5ead04903ba6e3a1f38c2c3bc8b058dda45ee62f6656c23a7aaf54a5f7d8790a0b6b58dbb8b17004b156d6065532cfeb28e7343f616b0ac620fa
SSDEEP

12288:wyHa3Xu0iECzvwLd07jl7gj28Xf7daXBqxBiY0UJVN0r7Ymyq01nuS63lD6X9xpD:wy63XhCzvkijZxjXAxBiSVe7z/Iu716R

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kgdh

Decoy

socialsecuty.com

rossiniconstruction.com

baliisterstore.com

walnuthotsouce.com

herculesmile.com

datum-maps.tech

yourhandhistory.com

reevolvehardware.com

condosandresorts.com

boissonsenergetiques.com

everybodymatters.club

titoly.com

knfsupplies.com

azitajovaini.com

orfilashop.com

aliceramsay.com

tipsyfetes.com

besttrip.store

ukrainianlandtoken.com

jdscornerbar.com

Targets

- Target
  
  3625a17b1c788e6936d2ef25a5d248f4bfd394a74a7b05e37145a70177428f42.bin
- Size
  
  1.2MB
- MD5
  
  bb5c9e57a26aa1fa8b6de230a99af059
- SHA1
  
  33f066cf40b09bffc48001ae3641775b4f0c36de
- SHA256
  
  3625a17b1c788e6936d2ef25a5d248f4bfd394a74a7b05e37145a70177428f42
- SHA512
  
  5bf5314dd8c9e0a36f4841feb3d591f9a21c15178c3557ee23c95c125d6ea734043906bc01a163ff369e4a81b053e92b5f6d857628600f2946ca1d719c2d7d7c
- SSDEEP
  
  24576:Y+Q8BZFYIblhBYCh/pNo1pfDrhpFEeuS+pJg:dyE1pdpyxFEeuS+
Score

10^/10

formbook kgdh discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2