formbook

General

Target

JaffaCakes118_ac454f16640efaa4ff900a89091006d711730e8f58cbb3d3d04af84df9f477ec
Size

235KB
Sample

241226-3gkc2svmgm
MD5

815fcd232fc73ff5976b02ab44bac06e
SHA1

cadcd41f443b5ae80c2ea8210a76f89e8d9d066c
SHA256

ac454f16640efaa4ff900a89091006d711730e8f58cbb3d3d04af84df9f477ec
SHA512

da320308e757474e14ab170974fedefd8caaef223779bb15262f26dee10c79ac049a9969c74463f2b3be76296a1b56907a5039884b8031ea124502be77dc91bf
SSDEEP

6144:j2856eQ+vfHw1sNSnerkM4Z9r/KbXTHi00XCxWOeLw:j2855HAiExkjHd0S3ec

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e0l9

Decoy

packingfairturkiye.com

khenonline.com

mydactil.online

coriliechty.com

canadazk.com

freeloanseva.com

successvideo.today

infinitelifetransformations.com

unicryptdoge.com

ecolifeco.com

luxefashionaire.com

lqctqtal.xyz

liveexim.com

happyhempbakery.com

paypalverifie.com

wingonvacations.com

flawdogs.com

shalomsingapore.com

ruscc.xyz

yaxi868.com

Targets

- Target
  
  1f0dfaeee8860dd10d592b0632dc1ef8c2fa1bc9681e0f9e29ed632f2260abec
- Size
  
  315KB
- MD5
  
  5b9271a33d0ac9c8b59bb27cef2b3834
- SHA1
  
  98f16671e6b09b68721a73bba9c5a15e7c4ee664
- SHA256
  
  1f0dfaeee8860dd10d592b0632dc1ef8c2fa1bc9681e0f9e29ed632f2260abec
- SHA512
  
  b4d7e76b92b641ec2ae6702e5c955ea60ff8b7a5b77e1456fea5118398343c3501dd1f6b1b1e82d60ee5834c583cf22d74ff0b2455e2939e6e88f99562bfb2b6
- SSDEEP
  
  3072:J1NjcVVnLpPuGDFsb5Rchf8BS6YbMZlfBtwTrSJxbVrWLK9omNYFkPthSPhI/cag:zNeZwbcu2mYmJxbnokteYwHqyTV
Score

10^/10

formbook e0l9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  wdxsx.exe
- Size
  
  4KB
- MD5
  
  c23f252a4352c30c3473e3fbbdff84f0
- SHA1
  
  d7240c2f65d1509e51c8461d835a1b14e167ad4f
- SHA256
  
  6bc4f989450cc6a3d1e220371fc64029bfac461429b035b8db90ae56af7dae8f
- SHA512
  
  87ef7be0450bd6b40d1d63fdcb66448b8aee04ec9627dc2aacde848ea83e042763d8ce8b1e94547a00b316ce29447c5a036ca92e3baf5315088cdc473edecbd1
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4