formbook

General

Target

JaffaCakes118_0a0aa2a540745ef974c3e40eab6999e4c837692c17f582346a9eb39f6c64e7af
Size

552KB
Sample

241226-xnfesavqdq
MD5

3692fa57f36c4026776b3884733128ac
SHA1

2cb30949c6292a98ac18e319ea6469a5d35dfa20
SHA256

0a0aa2a540745ef974c3e40eab6999e4c837692c17f582346a9eb39f6c64e7af
SHA512

aeb45400629df409e8e0ade2c242469d4995ca466511514cc921eddc6e5f254bc354ea303f352ab90b74c88afe9df20e10e70ed7624667fed67a05f4da25528b
SSDEEP

12288:qlRvwzi1+alSv2ozOvSY2TYrNq79T3CAUMFPwuZoX5CRZO/a66:qwSHoy92TYxo3CMFPwjX5CKO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cgsp

Decoy

dzxcsy.com

communication-digitale.net

darkspot.pro

neighborschoicefranchise.com

mujeresaprendices.com

ryanita.com

karmelbali.com

lengzu.net

archoneshop.com

auszeit-online.com

incredikit.com

theostermangroup.com

challengesbringsuccess.com

thegoddogcure.com

missshalae.com

mulherviaje.com

danieljosephmuldoon.com

plantitasmke.com

lyson.info

boardwalkcafebeaufort.com

Targets

- Target
  
  BOOKING.PDF.bin
- Size
  
  758KB
- MD5
  
  88528bfe9007c57d8615a2df954790db
- SHA1
  
  4570ffe1a98d532c3f07d85cd5fefad3385afdcc
- SHA256
  
  30ef5d1576242f1583caff2d9a14053d43693a495a3b708715a418a944b1143f
- SHA512
  
  741ef3fcf005207f14c0b74ff5e640d51e313b85be83aa9000bfeba06d0f6b000b2d4065d40d29eed73ad72a56881f293ef6d60e4591a1a11cf76017d9983683
- SSDEEP
  
  12288:dWxyoLLoS60/K7yh0nzTS5jX8Qf/TJIHVh+TWWVjr50XmIaj6hYl8v13Ut:djoLAzeFsKlI1HWVjdKmIa2c8v13E
Score

10^/10

formbook cgsp discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2