formbook

General

Target

JaffaCakes118_333b2201d7744351d1b1991ff6a73e47d838195ad2747ffbdcba866c0ec50c93
Size

231KB
Sample

241226-yjdk3axjcw
MD5

9e8240be6bb9dc5bb39807cc8cc60c66
SHA1

ee8b2ce6bf7bfaeadbf3d7e2247b961f586256f1
SHA256

333b2201d7744351d1b1991ff6a73e47d838195ad2747ffbdcba866c0ec50c93
SHA512

9278def5978d317b07180375b113ccaf227374875030497354bd1f0b6d636b1277939651f16fac55c939d31f5ab8fbfe175fbabc836281bd817cf12d2432a43b
SSDEEP

3072:IZWbQBtRQ9M3dlSjZw0/jo5wLWH9+Mvj7UOUUkCAdBu6XwqQ267Bl7G//xIjvx+7:I4bQBky4Zn/EdJvHFmBR6d0m8aeWqP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbwy

Decoy

fortnitegol.com

damoa.clinic

flifeunite.com

smacey.com

geekflare.host

teachflame.com

moneymakersclub.net

hollstore.com

virtual-box.cloud

electrojagat.com

lucianenergy.com

sagradha.net

bluehatcrypto.com

brandaotec.com

elisabeth-koblitz.com

miamielc-kuwait.com

juicedbikeszendesk.com

artesiansalt.com

avisena.net

homiesexuals.com

Targets

- Target
  
  Invoice confirmation & NEW PO for 2 sets of items.bin
- Size
  
  245KB
- MD5
  
  f3c9093843cb99abb526c24e5d5cb8b1
- SHA1
  
  d63fc0888cee40b90f2dcfb96605b8720b60736e
- SHA256
  
  6e71e82dcb056af810baae26909b712ec2dc1610bbf8ebbee00b62f9bb2b3189
- SHA512
  
  9169de6e0a4d10c6e25f643bd8763da3e41c9ed75b976dc7e423c2893ca05b5b5cea0560f7bbfb636235f5d1f874a81a417292a1ee995d5e96b187da2b841db7
- SSDEEP
  
  6144:sTqjF9xMIMgoQS636xTz6bOrmKOUbAuQ+d:ssxnS63KrRAuQM
Score

10^/10

formbook gbwy discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4