formbook

General

Target

JaffaCakes118_187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
Size

265KB
Sample

241227-ag4sgawkg1
MD5

a0a1f5ff78c714b094a5fb386e02a7a3
SHA1

10fd01e713a5b96d19fd636e646f231bdb059bf1
SHA256

187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
SHA512

6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
SSDEEP

6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

fkku

Decoy

ItLUfbYmkw6ODl8lnvwkR/8=

oUKMUSjydqzVWxG/CqjK3ngAhQ==

HB9lfRtFwT/XlJ9Lxw==

hBYXuorq7a3WwPq1NSezCMStlQ==

ciRqfQbLgwx/+e2rLqTZ8oMLc2LYY4o=

9vb76Nc8JzKlj4YEQyPAx2dx86U=

fB9041xJgwl1

ND8juoNyH6x5XqlZ2Q==

QEaot04y8XLjFOBp1Cg=

SG6vmdmmpmFmDosczg==

WWCorUT756r1F+aD3cd7Cij6nSFQ

Yl63zVL2NnFph44XcKkiP/k=

s2RfFNOd3fuBEJNZ2ig=

u1p6Ucr2uCketwGD

0vD8lFkSfRCHEJdebbrb

qzlqgxrsrDRmDosczg==

H5aTYXc2rHXjzQ==

S/pFbexYx0S+Ex7SN5rC

9kOIkRTWkA136nA2Ua/R

ojOElJ50E1N40ZNanCbEZw==

Targets

- Target
  
  JaffaCakes118_187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
- Size
  
  265KB
- MD5
  
  a0a1f5ff78c714b094a5fb386e02a7a3
- SHA1
  
  10fd01e713a5b96d19fd636e646f231bdb059bf1
- SHA256
  
  187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
- SHA512
  
  6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
- SSDEEP
  
  6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB
Score

10^/10

formbook fkku discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xscfbjx.exe
- Size
  
  74KB
- MD5
  
  08b101029a510d1467056305f8bda101
- SHA1
  
  938d534e3584b132ece92f01e0089304b9587803
- SHA256
  
  3d897c1632a6234082cafef209af7ddb9f91a0af33b03e6d004e153a54d622c0
- SHA512
  
  631cc7c7a08b9492661983200ecc9b96c2d958d756808ed8b5b431a1a29ec92d360866c41c5d8307a3d185bcdedb4e66d661ec812d47d1ae057013a8cbc0ccbd
- SSDEEP
  
  1536:xjLDJzMtIyKhdKim2R44oQWUs5PRoMLEEpt8vTlJssWXcd5CM+ea:xmIyKhwxQWUs5PRoMLBylh5CMXa
Score

10^/10

formbook fkku discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4