formbook

General

Target

JaffaCakes118_7e4d84d36889148970a14fd723088957130ba31453d1f43f0763468d88b2e0d8
Size

414KB
Sample

241225-xzeydstmcx
MD5

33435d2a5a69b19f87fc93bec7cfb8d8
SHA1

8f0f2d861337f3d5d43216131a87c83e6cbee217
SHA256

7e4d84d36889148970a14fd723088957130ba31453d1f43f0763468d88b2e0d8
SHA512

7b9f1b4b92805183689c86ffdfa009169f2c5026ac00cbef83388d1daceb1225db510c1724a727c88160eda06d3a6b3c92b8468161e472f288540f9e23e7718f
SSDEEP

12288:8Br7VkNA+O69EQsgqIsgaKdMWuS447zno:8Br8A+Om76G7tzo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ja25

Decoy

walkinet.com

shuifengshi.com

slowbarcelona.com

memc-gvo.com

bloquo.com

aurelashesbeauty.com

makepassiveway.com

kguvpkh.icu

benny.industries

t04mo9.com

getafurnace.com

earthadventurers.today

partsgt.com

kg0sxa1.icu

p7lzww8m.space

sarkariyojanayain.com

asp7ex4.icu

kg6u7ik.icu

h2butterfly.com

herdesirablepleasures.com

Targets

- Target
  
  SWIFT103 712022.exe
- Size
  
  387KB
- MD5
  
  638558c2f8af532363c3180bb506c96f
- SHA1
  
  459e5a5caa47b028b9e2232c243eaab06a05c373
- SHA256
  
  773f4e455bb27130ff47db4f2d5b4b947f621173f1399cbbfa85181027a1686b
- SHA512
  
  7ad4334f0e67f4175f4a415747baa2babeda1b2650c7788b6e166555406e089c0eb416c26c7815900d7e31506c7412b29c82df4c0f8f1862988468f6bb9bf918
- SSDEEP
  
  12288:bbtN4pIlmfK59lxTbgGQCT5wA/OINDljwv:bbtlNlxgGQ+aAWINZM
Score

10^/10

formbook ja25 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2