formbook

General

Target

JaffaCakes118_2df4ae6ef86f42ce706dfa48d4421b0ce38596b7cc4b4b144a1ad7298ecbbccc
Size

873KB
Sample

241226-1k3bxs1qfp
MD5

851f34f0a002bb004bfa5a4ddf82e090
SHA1

4fd18dbc83f73f12928dfdb5b340114cd1258b08
SHA256

2df4ae6ef86f42ce706dfa48d4421b0ce38596b7cc4b4b144a1ad7298ecbbccc
SHA512

a2fae2583a56525f372b33a913bc20e53208eae477f6780ddb82dafb6a74ef2fae7c3cd9dc848c3eb083b76e6ba4e916bceb60a91fae798bfce658396c37e4b1
SSDEEP

24576:CifEDJad8Sj96aXC+4z5VQ0WM8IhieYjaMA+9qRe7Ez649:Cix8y6aXsVQBM8IhqbbcMEzt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k8be

Decoy

wakecountyrealtyexpert.com

marianichola.com

artesaniasyalgomas.com

generationstart.xyz

huaiyou.net

takaokaaki.com

akiactu.info

poulmanfatime.com

mosznowladcy.com

post-consumerism.com

mcdonaldscheeseburger.com

mhkxlgs.com

bigbox.pro

littlekylskap.com

tacos-blog.com

leanbellyofficialstore.online

drakesportsmarketing.com

catholicsinglestv.com

gazoo-bike.com

33sexy.com

Targets

- Target
  
  0ef96ff9377d04bcd3e007944145f1f75a4d35a49c283c705d4439d7551ef916
- Size
  
  1011KB
- MD5
  
  926683bcefaa5c0f235a2ab849910468
- SHA1
  
  faad2c56e0daaef20e4fe3b9dc55cc186b05248c
- SHA256
  
  0ef96ff9377d04bcd3e007944145f1f75a4d35a49c283c705d4439d7551ef916
- SHA512
  
  ec484bfac455891323d550c957c658201c2f136c62153c7eb85c9ac0b3366b0f75e25005339ef177da31778f73a1eda2f6d253527b37b8c47eee72f0f435f0e5
- SSDEEP
  
  24576:bKVAMZ/KKLHceVye1bOTijzw4Go5KGUP:uVAMLf1bQy841KGc
Score

10^/10

formbook k8be discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2