formbook

General

Target

JaffaCakes118_5d464483c0780fa067121ae4f37c6c76e036739b7205a584dab60635f87d82bd
Size

511KB
Sample

241227-a6ejwaxjdq
MD5

a7dbdc00ef156fd07310d83bfe479bd1
SHA1

c4ea27028f6af09b7d3680c44bce0155f42915d1
SHA256

5d464483c0780fa067121ae4f37c6c76e036739b7205a584dab60635f87d82bd
SHA512

17d837197087311fb7af8ca92c3e20c5a315cb3beae27bfaa1d3b1237ac85ccaef51e3e5af72598c4162ab0a09e98fc40dea4482df189483397474eb70bf9ba3
SSDEEP

12288:XHVi6EK+7TdiSTX/j1uAttmsaAcrzx5CCe0yuG:XVv+7xjokmVn6j0y5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  6e9b59bb1b15031d5c758d3c3043c9fc853bc61c3f51a15eaeea1d06628c532c
- Size
  
  516KB
- MD5
  
  1a477f84e3566771415106234cf77f81
- SHA1
  
  2bbe52a661badffb060173e25822d411ae6203e7
- SHA256
  
  6e9b59bb1b15031d5c758d3c3043c9fc853bc61c3f51a15eaeea1d06628c532c
- SHA512
  
  76841c49d6eb39f725d1a8b7b35933b9c52a54b78382c53158fa3807da5092391da79cd1fb9e43c39297e21f87525881c7ab2b340362e87fff529f29f8e67f78
- SSDEEP
  
  12288:8xc93fzB9dNDHKPWxCLxT/ApeN5mTjvPd/SSdo81ys:f9PtwuxuxTokNwf9/z
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2