formbook

General

Target

JaffaCakes118_7a5a0ac254e92c52dd034502975e23aa340aa8d61e5ad03e6125a9e5ce0500fb
Size

773KB
Sample

241226-1tc4dsslbp
MD5

c80dd12c2b398ec489a4545bc232f757
SHA1

609740a1778629a3373fd498685bd82a19432465
SHA256

7a5a0ac254e92c52dd034502975e23aa340aa8d61e5ad03e6125a9e5ce0500fb
SHA512

627d6f98ca4121c84a1458b657c16e8926cd7089212f5bece129fa2c50df6cdc732cc9f5640c023058fbec8b6b7456b384e4b68a992adf89f6a57c9e88e4799e
SSDEEP

12288:AFhEVGqL8Xn1xZREvQc2YZWVqeT3uggeDqRoti8Fh0+LNXfhdIIXX:ASGh3rZRYQc2YoVqeT+gdTi+9vhOoX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bwk

Decoy

alexrabus.com

education618.com

nelivo.com

gosanispire.com

cdaboozecruise.com

lovenfys.com

wellsleyarts.com

madcord.net

aadiventura.com

prideglobalholdings.com

tu-aviso.com

rjroof.com

upthehilldogwalking.com

ultraletefit.com

opinetree.com

retiredalsolovingit.com

oculensweb.com

laurartproductions.com

uncontenido.com

elisabethchin.com

Targets

- Target
  
  40619e22c2b83a5d635d00d27fd1f5f1b4f38dcb109db827e0947a72458e19d5
- Size
  
  1.1MB
- MD5
  
  c83f4de174d804301f193c6b1ebbe1e1
- SHA1
  
  e988e9055ee10cc7a8df7a056e0ebf68f473b93b
- SHA256
  
  40619e22c2b83a5d635d00d27fd1f5f1b4f38dcb109db827e0947a72458e19d5
- SHA512
  
  d9e4096819795ab6f329e16de57938d7ed05448aec340abc1e92a68913ae417612c242459703b53f77b481197cadff0e452bf5864f10793f297bde3e2ea70832
- SSDEEP
  
  12288:XbvsEh1mMhKz6qYi0MHaXAhvI0R2X0iQcsiVFQDNBS+suogRQeW08f2r2:QEhz8z6lRc2XcczyxM8ogo0
Score

10^/10

formbook bwk discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2