formbook

General

Target

JaffaCakes118_80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
Size

285KB
Sample

241225-x3gldstrcq
MD5

d567702d13ddeae99886f3a93f0ae154
SHA1

d46838b89c6005ec784cde3009e1b3f1291f4b7a
SHA256

80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
SHA512

c82ab3a14182285aaf84d05709e7b1f4c0226d1221c670a4502eb1793668c239149580f625821578b384b8321a9ab3238946a72af29888eac7ff5dcbff4976ac
SSDEEP

6144:gU5eQvXds9hxRIAlk7SMLtxPfvNrLZcC5voZjuwOZ4w:qyXds97R9pMPH5vQSwy4w

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy01

Decoy

aeria.life

jotted.community

mozarspalace.com

bfkoxoih.work

doganmuzik.com

ljsq.shop

vitalitycook.store

74574575.xyz

infiniteuniverse.site

storkrv.com

amendmentsymmetrical.top

adevodigital.com

renammsac.com

tptretry.info

ninfainacquerello.com

25038.top

httpsthothub.lol

yvxbt.com

72028.top

vzxtopi.xyz

Targets

- Target
  
  JaffaCakes118_80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
- Size
  
  285KB
- MD5
  
  d567702d13ddeae99886f3a93f0ae154
- SHA1
  
  d46838b89c6005ec784cde3009e1b3f1291f4b7a
- SHA256
  
  80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
- SHA512
  
  c82ab3a14182285aaf84d05709e7b1f4c0226d1221c670a4502eb1793668c239149580f625821578b384b8321a9ab3238946a72af29888eac7ff5dcbff4976ac
- SSDEEP
  
  6144:gU5eQvXds9hxRIAlk7SMLtxPfvNrLZcC5voZjuwOZ4w:qyXds97R9pMPH5vQSwy4w
Score

1^/10
behavioral1 behavioral2
- Target
  
  Orignal Invoice_pdf.exe
- Size
  
  299KB
- MD5
  
  d9145fe0ca078e3e8ed799105e393108
- SHA1
  
  3dab0d6ac85b82314add7e0773ad05635e5dbc1f
- SHA256
  
  2aa2b861c5fad54e2a32fa2cc376871cd2d80a1485412073f5b5f461a7723e29
- SHA512
  
  8cccc42d5bf3fe345ff3dc119408de574ac3da756e9b0f2e76160b225b21dba7bfbbc61cd40bccaef3c104fb566f3bd53a4ca1c17f55867bcccfbe37fbdc1229
- SSDEEP
  
  6144:ibE/HUk01969hJRIA767oUL5J3RvZrLZcCEyBoh/uwmZZ+:ibw01969PR9xU/1EyBWmw6Z+
Score

10^/10

formbook sy01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  duzcazams.exe
- Size
  
  133KB
- MD5
  
  9cc4b3dcc8a712968339507dfbefa5bc
- SHA1
  
  5909f209cf93e4365180ac050d663a2076e81af8
- SHA256
  
  3017920f6f2c95870bf938c2aab1c64e77c9b65e7f8ad7e3d81cdaeb58bacff3
- SHA512
  
  c5f5955302883578f4899f9250984bcedc375a7f2c1b3e1dd3912a1e334c8f247df757cb94a4ac8ed94918659b22f0070172dfbe0dc9fe567fece22a7b34364e
- SSDEEP
  
  3072:5DCsPEvMCi32nCnQCqTJhtvjRwDOAa00LSAQzM3JDH:Z9PkKuDTJrFwD5eH
Score

10^/10

formbook sy01 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6