formbook

General

Target

JaffaCakes118_55b920c636fdba7c4343d60801d4c0c2bfe29100131963407b85eed9e1a1ea4a
Size

1.1MB
Sample

241225-w2zvxasjas
MD5

46bcf8af56c96997bff252d506a11ffd
SHA1

00a0ea55eb65d404007c1a9ebf6e1fcb5012a2f1
SHA256

55b920c636fdba7c4343d60801d4c0c2bfe29100131963407b85eed9e1a1ea4a
SHA512

dcda1a18fa6a42ae491b7005901026a937ac5a4c0eb26a6150140b351f415c1ea0bf1647809884bc5df4a4a1f6615c32ed999e09d6d490dc43abdc7b3c5f0034
SSDEEP

24576:92J805OfmUvoo6MfeFkMr4kS+F/i9ZA7C49IPnNt15m:M8058fvhMr4kD1iA9I9U

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t01w

Decoy

yeluzishiyanshi.com

thehardtech.xyz

arrowheadk8.site

zaulkunutila.xyz

lookastro.net

congregorecruitment.co.uk

darcyboo.uk

collettesbet.net

ltgpd.com

hiddenapphq.net

haxtrl.online

esenbook.com

jxzyyx.com

ulvabuyout.xyz

instashop.life

vazra.top

ewdvatcuce4.top

zhishi68.com

fabricsandfashion.com

hootcaster.com

Targets

- Target
  
  texttvieww321.exe
- Size
  
  1.3MB
- MD5
  
  7dd3986b7546f3f40d22a60aa2ff6023
- SHA1
  
  b47f96c5ae85a3ee7c571074208bfaa7a968f673
- SHA256
  
  919a696629c2c0dd9679be7630ada2b1e1173da3bce748980b07fa360872f727
- SHA512
  
  5d95b02b8c626912ede55080579032aeafa969d3a95f1842570c00e514bc5b0fb1b31825b393148bafad99f05406d97458d93e79cc12bbff91b6d2c9a151626d
- SSDEEP
  
  24576:iAOcZXp0wL/6dqr+LXTcpsBIUkjPV99npuezy71oporahr:ocb6EcjAsBIUkj9fZe6Gs
Score

10^/10

formbook t01w discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2