formbook

General

Target

JaffaCakes118_6f4e9a6a4df1ebb560c92b10c56280a2cc05a07056d127cc8afe47556ed9bec3
Size

501KB
Sample

241226-xycfwavrct
MD5

d4fbfeb5774fd4c86fbe803c5bc0a0d7
SHA1

23aeb7f61579794f46221f2779b2fa206b79a60f
SHA256

6f4e9a6a4df1ebb560c92b10c56280a2cc05a07056d127cc8afe47556ed9bec3
SHA512

1730d066c8535f2e468b95a4162cd0bef6d3b0413a03839d4234a62af67902fa18f9655047465390903162ec6804fa7672023a6f8f4dcf22dcedc08dbc0ab78b
SSDEEP

12288:RXo2Joox5ScyonAKikzfi0RZq8QHo9WsMM:W2Joo+c/nA10RL9WlM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m6tn

Decoy

deborahtokarz.com

bearpawshoe.com

fukugyo111.com

chacie.com

amoresalonprescott.com

aiiecrs.xyz

betmoristv.com

metauniversalmentalhealth.com

miravalfarmspa.com

satyrwoodslifestyle.com

biomend.life

dolevelup.com

fengshidg.com

alshuhranews.com

nuomisummer.xyz

mankaucleaning.com

sierradelaculebrazamora.com

311ly.com

universetechco.com

duurzamepopcornbak.online

Targets

- Target
  
  eac788bb8bcf8bc689550efc391941cc112c5bd92f227cc71c2ae6f42842ac2d
- Size
  
  595KB
- MD5
  
  2f24e23110366756b11b46d2cccd7aeb
- SHA1
  
  6ad4e3016224725a991492d21c6811c0dad51fdd
- SHA256
  
  eac788bb8bcf8bc689550efc391941cc112c5bd92f227cc71c2ae6f42842ac2d
- SHA512
  
  1ced575e2b17883f68a2f3b1847a4540109f9d87bbed3d25c2deeabcc1f09550e952bf38eb652cee6939d1ddf0b30d070c9d3638f0713f660f895209f8bea903
- SSDEEP
  
  12288:0FIkLt1kuvZu0qNWe9mD+zT4u3DTFlebL0477oaXnz61QIb:03tDvYjWeM6Hx3fFle30gz
Score

10^/10

formbook m6tn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2