formbook

General

Target

JaffaCakes118_94556864decf10552fa3c93ff21180f06edacc3f57168eb4e3d8c1ec872b7ef1
Size

201KB
Sample

241227-afj2nswldn
MD5

2c237a8fef6e1e64e1148c444992ab24
SHA1

e4d568222cc01fa8de0ed8b29d3fd741110ca3c3
SHA256

94556864decf10552fa3c93ff21180f06edacc3f57168eb4e3d8c1ec872b7ef1
SHA512

2b5a729ef7c559cc00419417b8cc4f4df8c1cbd0820f1e5c950ff9b05de6c263a6198c265d032a40464bdaaa2846063749d9c0b032905172cae55cce06ce5eb2
SSDEEP

6144:Qy3Y8dl8SH7z0ds6GsP943ay5QVGdGklFa2+:Qy3xz0ds5si97aN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

- Target
  
  jetss6754309.exe
- Size
  
  213KB
- MD5
  
  ec45a9ff0d37e2c4c4b22f752faa737b
- SHA1
  
  9cb38d97822f17be47da16570a996bce4424aa9f
- SHA256
  
  d93367d117ae7f3d7a13e3958554500d54182cd51c6426448f1d248d732a0484
- SHA512
  
  2e7c7305a121ed39b630fdb58040ee94bb3eb1ab0558ed26b40109018272f71fc00b27358d0a16308405548af4051052661e0a5c44610c20c86546bb673cce5a
- SSDEEP
  
  6144:qweEpk2xjPucCaf8VXcj8JqooMJZgEUpW:bbx750t48JBZT0W
Score

10^/10

formbook je14 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  quhthbz.exe
- Size
  
  5KB
- MD5
  
  76d62afbd866bb7c381a22dc2996bd05
- SHA1
  
  912911b232c8d942231d3935d0e45badb7006e75
- SHA256
  
  20aab90003cd0daf3e9f0cf54d2ab45ff981a72cfe2bdd73e962b9d5e3af7c43
- SHA512
  
  1ddc33c8e47886e1a7abf878011a0d8a4f33655a9a3ce5cfdc7c51a6aef46acda8bd22d9ea1b2572660e9d37dc3af9ce09c0cd11cd62d963c8bf0bc39dc876e6
- SSDEEP
  
  48:vpgJ0Gfhxk9RncozPLOFYTLOFY1MVMkQt8+l6XU6vLUYmRarMy:BZzsozPSFaSFmjt8o6XU6TUVRar
Score

10^/10

formbook je14 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4