formbook

General

Target

JaffaCakes118_5c7f3f6b3517954283d08c0f4bd61a3b14bae0dc3f806be719a561f90429f646
Size

498KB
Sample

241225-wmtqca1qeq
MD5

c7a6d42cf7916b53fa4e052fbfbc79cc
SHA1

410f50477c1ab6cf6378d2b02cb4b4f6729e3c13
SHA256

5c7f3f6b3517954283d08c0f4bd61a3b14bae0dc3f806be719a561f90429f646
SHA512

cc7cce56ff62e29cf61f327bd65a05fd2a83f37ffd116c55a330f347f69aaa130a73150fb7fc629b2868bf1775bd29019493e6a10dc9886007909e4ae6ec69cf
SSDEEP

12288:bmnVE5sNI8lGHMOCIybCpNwZ2FLWdE+PGD0S7:Cnm5svE9CbbCpMcLaPyt7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

- Target
  
  PRODUCT LIST.exe
- Size
  
  592KB
- MD5
  
  d403ceb699085cfd12ada96aa419a37b
- SHA1
  
  8c9831b837374d718e24d35ec7e93f642a2b74ba
- SHA256
  
  ac021bbe155b54ac93bd5ca40b6ca6130174d6d192c6fd2011e9677d56c09f4d
- SHA512
  
  7c549efb3103fde42fe6cd46d6126846aa24afd29856bd59fcb5d66a0ae3854fc7d52902ddb8e7effac86929aa081c26a82e0b4ee1ce9c617919a5e774a10d68
- SSDEEP
  
  12288:9NkLt1ac75ZalBvZ6sOEBb0OAZcELFacWHi+MnMVuL0477oaXnz61QIb:0tkCalCsOw0OACELwTC+TY0gz
Score

10^/10

formbook r4gk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2