formbook

General

Target

JaffaCakes118_ad64f1a33064adc8a0c29975a6edc76862e1329837d054f2ebce51a37ab6a630
Size

614KB
Sample

241225-xvvs2stlat
MD5

25d7b76185c3579f9470a0cd1c627cf9
SHA1

c50bd491b69eebad87233ba71d8e43ab820615a5
SHA256

ad64f1a33064adc8a0c29975a6edc76862e1329837d054f2ebce51a37ab6a630
SHA512

2d29958effb0a7d9a44c31c0177add5eea2086f676e6dfe4dd4a757a30c36999134db76e4b38f22fc90708af6995ea11f658cc366b477a54c78a9ee99830c624
SSDEEP

12288:zb1g7ImgYjYQOrVy6/iL6jO1GXImuBbEJ1KHruiiX2il8rM5oZ:zb1g7EiYQiLJjOInuBTqiiX268r3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ps31

Decoy

seekbeauty.net

yesfordata.com

renovationbrokers.com

foreversoultionsdeving.com

protmes.online

btobmediabusiness.com

crystalrosefitness.com

renewworldelite247ca.com

erwinsmith.pro

good-teahouse.com

haipiao.club

cristiansouza.online

travelscrapbooks.online

juskhasiat.com

loeilonline.com

ddjius.space

ltoiis.cfd

foundationrepairrapidcity.com

viptexasnotary.com

xn--2i0b30ronaj7nqsnyth.com

Targets

- Target
  
  ee251c7192a96cc30188ef633706e3e5d25b75cbfc80fe47ac698f5c4bd96353
- Size
  
  674KB
- MD5
  
  392537f4a1363d1f235ac4350096ca9e
- SHA1
  
  d5c285d8b23424170fac67084cfa9d40601b6f95
- SHA256
  
  ee251c7192a96cc30188ef633706e3e5d25b75cbfc80fe47ac698f5c4bd96353
- SHA512
  
  db9adad912cf892b4768478cf6c48bf9f2097158e99f7d254aa8f7dcc0c0ec6c2db740fa529ade92a7cc21ad02caacdb7185b57058331346814745618753b5d2
- SSDEEP
  
  12288:P0EbqWjsZ5uEd2iNmG1ZzfRDcq+CgwiqrUCrdSh2v9dK3y8f0N+1dboqwNDlt:8Eb/W5X1dzRAq+Cg6BrE+dKDf0M1db
Score

10^/10

discovery formbook ps31 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2