formbook

General

Target

JaffaCakes118_6f898006f76992ff78c22aaf03ab2c1ed3ae9d5a175612f3e0033d35af1d99cc
Size

571KB
Sample

241226-xslglavpfw
MD5

231756c82e4b20ac6b2808386f873968
SHA1

9ce721cb0c2afc773a923f2a64ce4fae307dc321
SHA256

6f898006f76992ff78c22aaf03ab2c1ed3ae9d5a175612f3e0033d35af1d99cc
SHA512

e8ef41f5b81d851774f92c4b577d4a8b8fe4660e84a5d7ed9b21fa818d827345f38d1ed249bfedca335452c50394c6c4987db8549947134ccb73c73909858522
SSDEEP

6144:puz+PXFmEOpUkNaG/b3DSZ/h5lKr0isFVy3kw6ZACGPhggb82HAil7hccFIfUIPL:TXItDDU5em/kqgDHhlNIdZLiZxZPwtg0

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

gski

Decoy

w4dqmeRbroucK1d6Rjoieflr

4aOmGT8hdudzUsv7ZSwieflr

3sTC4jMnhzX+pOJNTZ4=

JcH9cI2V8BEeA0eA

doY0NLSYANTXiHt9/fbsP706cA==

KhN1zCT4Nb5T//UnNQ==

y4/RV2RRqNEr0c4nzNWP

x8sfUpcmiXqxdfls0dSN

rlygM3RQmQ7DliRSBQUKpWJ/FuU=

s672RU9HtT3XWaTvdEidsoLRjZb5J5oE

uaT/Znv3O9WfXs8GBluj2Z2szeMP

QvElhI8JUPHBlRsjsodB5GmUzO0W

2uM5rt7BEpcswwJhDA8JnA8=

TDFfhORfvuRP//UnNQ==

MtPNDl4mh1dSxgZs0dSN

ejpoOLXE/Wa7zMwppl3JOt8faA==

8qPraI3lOFSrRmCSR4EnHQc=

+LOpAwtx0LfGnOJNTZ4=

wMQehpwddDxHII+rVCwieflr

8KPhZrjGG//aix1s0dSN

Targets

- Target
  
  a0b19468a7896874e57b014b28e8d3abd1707e2b52a8ef1bf516d4c1a76a7b42
- Size
  
  868KB
- MD5
  
  f69ca46a59bc720a3edf4a1c3698418d
- SHA1
  
  f0e01c9a9ca63d1b1d507be06bc9aa2c044db500
- SHA256
  
  a0b19468a7896874e57b014b28e8d3abd1707e2b52a8ef1bf516d4c1a76a7b42
- SHA512
  
  835691dd5cf84e272384d5203b89e18c56f6509e74cb9fc60a4530e8fa27e292c76b91703b75940d1a4df4900e14dca376f494ebbb3ce92f8ee6f24b2de159d6
- SSDEEP
  
  12288:exTd+lc9ogYATuMFct1sPdqrQ8IvPHMvUok5pPzoADqjJ5n:Y6ccXhQnPH4k5pejr
Score

10^/10

formbook gski discovery rat spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contains code to disable Windows Defender

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2