formbook

General

Target

JaffaCakes118_c7b093c037ac1aeabaf010ec82042f89e87f667f41a5786d14d524c82c84f95b
Size

972KB
Sample

241226-tgyq1aznbm
MD5

1f27ddb31422b42bbc9857b717361658
SHA1

9f978feee1fe7ad4be8410cf72a9122fa952f236
SHA256

c7b093c037ac1aeabaf010ec82042f89e87f667f41a5786d14d524c82c84f95b
SHA512

d38b3024d268fdb3930e05146b349f7827827cc4e897a116cb057c402767a2b824f0ce1aa9f534222f2f65f14d51c942676d3ed1d5ada60d817019514d84d382
SSDEEP

24576:ayckMML8rRlzFqwBY8rPPX+SCsTWUp3KOorplv83ahV:tj9LYxTTX+SgU9VHahV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  skyrun6678zhwevi.exe
- Size
  
  1.0MB
- MD5
  
  43e40486285956beaffed65745f28b0a
- SHA1
  
  98f08012fd95967761b71b64ce3c91332c4bdc37
- SHA256
  
  c7757a3c21c62d9f56a30bfe1660727de4932993c0d4e3c650f001914599905b
- SHA512
  
  f7ff5cd2ab47153d7f699e55583afa6dc1d34d3e60abf9f43d13011136512d3e48474cd2e13cd9454f53a6260669fe54c50220e870fe3c486a5cb7bc7f6f454b
- SSDEEP
  
  24576:aRA4228CFtXo2A/Nzf1pccEOw2ia84Pj2hQ2PQrY:ah2JCFtXo2Yd+2ia84PShQ2IrY
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2