formbook

General

Target

JaffaCakes118_b2ade87d1115cd8c87f2123904b7e1f70d19cb5427beee55717edd79d0cec1b5
Size

3.4MB
Sample

241226-3vttmsvren
MD5

2597aad8b6e87c9bd5ac41ea822eb4e5
SHA1

a0a3d2718cf75f418515f6c7501266f1e72b4180
SHA256

b2ade87d1115cd8c87f2123904b7e1f70d19cb5427beee55717edd79d0cec1b5
SHA512

4bd3e3a16397535e74c767c4f6805cbfab690c1ce564af2414e17095d84f60c150ac94d1a377c19b60498aad376b2d0b6fb42ac627a9eb6bb522e1afff19cc3f
SSDEEP

24576:Deyu1D6gZd7X2hnLjFwoJBrZoHirzba01/L19fKbokYxuh7t5kB4xQ8C:h

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wg02

Decoy

w7c6ppie.xyz

wu6gurfbh74f.xyz

spirtualfreakofficial.com

xn--qvru1fc1gq6i.com

flyingstallionltd.com

travelinternationalnorway.com

legeny.online

geloreal.com

unekemindsacademy.com

ingrossobeauty.online

thebansheeriga.com

bumsb.com

shestampsnotaryservice.com

flipsideattorney.com

heathlytrim.com

upku.xyz

xn--nalemlak-55a.com

jkigroups.com

revitalisequalityfinishes.com

bellaterrahobbs.com

Targets

- Target
  
  JaffaCakes118_b2ade87d1115cd8c87f2123904b7e1f70d19cb5427beee55717edd79d0cec1b5
- Size
  
  3.4MB
- MD5
  
  2597aad8b6e87c9bd5ac41ea822eb4e5
- SHA1
  
  a0a3d2718cf75f418515f6c7501266f1e72b4180
- SHA256
  
  b2ade87d1115cd8c87f2123904b7e1f70d19cb5427beee55717edd79d0cec1b5
- SHA512
  
  4bd3e3a16397535e74c767c4f6805cbfab690c1ce564af2414e17095d84f60c150ac94d1a377c19b60498aad376b2d0b6fb42ac627a9eb6bb522e1afff19cc3f
- SSDEEP
  
  24576:Deyu1D6gZd7X2hnLjFwoJBrZoHirzba01/L19fKbokYxuh7t5kB4xQ8C:h
Score

10^/10

formbook wg02 execution rat spyware stealer trojan discovery
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2