formbook

General

Target

JaffaCakes118_6e12f9a1ffdd9f23aec2e9a5c979fa20c7b1b6a37ecbaac6b10c4e4ae412d8d5
Size

664KB
Sample

241225-y9bjdswne1
MD5

e7afc259e8fbbf30c6124b5c8fb2fc6d
SHA1

b786a13af4ab6f46fffeffc05e6e603b34a324c6
SHA256

6e12f9a1ffdd9f23aec2e9a5c979fa20c7b1b6a37ecbaac6b10c4e4ae412d8d5
SHA512

481f8b3b1973840492b70783494a38b8f062d5b39982926676907ead03203fa6dbdbfc87d5775ab307b41c3a9dfbe2d99e52de1003099ff1affab3a7b56964bd
SSDEEP

12288:6va67xYKjpBg/nAiTp/Yz+XUqFxgZrGaTMfiYWsKXLXUnO7knLTSv:N6/EI+pAigGVahsmzUPLOv

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

na24

Decoy

confabulator.info

pointsante.com

knoxpak.site

mhonl.site

peter-elliot.co.uk

transmetrics.site

dali001.com

graphicimagestattoo.com

nicesparthiae.biz

dteonfgdelsm.xyz

truegoatapparel.net

firtokyshop.xyz

v7op.icu

exunix.com

77seven-s.com

explorevenda.com

a-prime-sellyourhousefast.fyi

jezierzany.com

983488728.com

heliosbot.xyz

Targets

- Target
  
  AWB 456789098765.exe
- Size
  
  1.1MB
- MD5
  
  b785d60412390b52a6c634366a27eb9a
- SHA1
  
  639dfd8be745805a2e5dfa94df0f52050a5683e5
- SHA256
  
  08ff2dd59cb681df7b2ac6310a54bfcf990d11b9c7ca3fed51bd043a59e43d52
- SHA512
  
  9ca769093d504497cc62cb1ad19025c3355c4ad0436a75a9509c19f3d7c983284a0d0c76cf4244de8df8eb313753aeba55fda2293bfde91a112fb17ab7f7a218
- SSDEEP
  
  12288:mj0c41hw4e/ehLrzR08f9aU0gWYkGGn2E1CSiwlMfQqK3NvxmZxg1hw4e/:KL4LJKQ0U0gYn2u9iwrTN0j4
Score

10^/10

formbook na24 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2