formbook

General

Target

JaffaCakes118_df0674d98e3d0cc9287628569c2fd7c67f7675dfc378c0b7cbc7fe6843e7255b
Size

350KB
Sample

241225-z8mqpsxrgv
MD5

4e9a3bebba4774abc050196b853716de
SHA1

5081cd3555d85764674b2c7ea7402885bd55cc61
SHA256

df0674d98e3d0cc9287628569c2fd7c67f7675dfc378c0b7cbc7fe6843e7255b
SHA512

0224b0f337a52ca7f189bf7a68b81994482ba083d6af9847671bc87dc6819527fe9d29930af8432ac8ad31150d1003b564f8667761c7feaccb52e4d157dd7679
SSDEEP

6144:VP6D7lFC0MXxWUSSOEzoDpbEH9tLGu+Ndsz4AdsXqlisug:VyD7lFCp1z4pct6NNazLGsisug

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey5a

Decoy

lygptkl.com

winsentrade.com

bluprintliving.com

yumohealth.com

cherryadulttoys.com

gianttigar.com

maxhutmacher.net

autostokyocorp.com

calvaryload.com

stixxiepix.com

j98152.com

starsky666.xyz

loadkicks.com

designauraspace.com

wwwfmcna.com

mikakonaitopsychologist.com

kristalsuaritma.com

kh180.com

kulturel.net

araveenapark.com

Targets

- Target
  
  8c218c09f446a0db7b5de9bad9aadf285e81b04673a2db6769ccad09e1e6945b
- Size
  
  392KB
- MD5
  
  abf477b0f1f223cc754772ea47bdaa44
- SHA1
  
  c58595a2b39e58436ed35f887e7b230f436967af
- SHA256
  
  8c218c09f446a0db7b5de9bad9aadf285e81b04673a2db6769ccad09e1e6945b
- SHA512
  
  2af086a54a6d3384ad1e6633bc525c8a6c74b07e2133d83ce0cb67eb80ccd73a2a65127e1f182ea935ef570b8bcc9420370153071d95f711a966b362748ffaef
- SSDEEP
  
  6144:Z9O8QFXPDBvcPvbOtnLa1JnTajynM1QqZVVJ+rssBEueQk:vPQncPaEWF1xZTYrWh
Score

10^/10

formbook ey5a discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2