formbook

General

Target

JaffaCakes118_0386237d9dd5d9280a6ed6c397a2090da52fb9576c923579c90d058aa6a1409f
Size

448KB
Sample

241225-wbm4eszrgw
MD5

f82a9bcea780c0e41cbc4a651abe3454
SHA1

d5179c00979dc85f40e75651c227749f6b6b2e22
SHA256

0386237d9dd5d9280a6ed6c397a2090da52fb9576c923579c90d058aa6a1409f
SHA512

31fd9184189bee11af8555282e5b442eff7bbc74a392c8a6d0b89c8e65ac53d36f7cfa5543d2391c75b99a2d858f53c4bca99bf54d4a6a2b1f7cc9267f3b38b8
SSDEEP

12288:wbxFcFXcPQBDeqvYInVNszNty24HsGqIzEO1ww0CX:IxFZuDe+YInVN8kfHFqqWkX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kbm

Decoy

qyhattj.icu

kyrenegordo.com

tprgaming.com

sparklemodelscebu.com

bladeha.com

19625ne23ave.com

bigbossgreezy.com

topbusinesskerala.com

aikqq.com

imprussts.com

hd282.com

esrholding.com

senxiv.net

arcustomwork.com

buscoveterinaria.com

genhayakawa.com

1sttividalebrownies.com

agenciawebdigital.com

planguin.online

blackmantech.institute

Targets

- Target
  
  sample1.bin
- Size
  
  569KB
- MD5
  
  56046153a51fe6eaa8814f9d11ac34f6
- SHA1
  
  bd55ff7ab969a8aa5485a6c5c6844e9224780dba
- SHA256
  
  abd47175466abe2058151e12919ca9501497dbb286909bf7896d20d59fe73ef6
- SHA512
  
  fd92ff39626538835b8e8eb63c1fbd6c0828d0fc22261077c83b13ce838f72aac58bda29547c3bc3d356e4c4e9af5c8ae5061648fbebd5040b30d31883183770
- SSDEEP
  
  12288:89KZTldLdFz3HEJi5LAWePIBD0WZqkyn2qDdzffF8jo+P1:89mnLnEId+WuFFfNSP1
Score

10^/10

formbook kbm discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2