formbook

General

Target

JaffaCakes118_79bac5827b881ed3f14ec5be77a1da8bc26ef9cdb65666c72bf79dc67c37d36d
Size

230KB
Sample

241227-ak7njawmdr
MD5

2742846fedc2be2fc2a42bf7e5183ecb
SHA1

2f9a6721ef7d13cd0727a5849fd193c89204de10
SHA256

79bac5827b881ed3f14ec5be77a1da8bc26ef9cdb65666c72bf79dc67c37d36d
SHA512

f8d5eb7823fcdfb987547f55e18f621da2dbf81c5cbf1c51c0b15e6fa24cd951c6df5e388a28653f0e846fd167d2c56b74e11f5863048aae02a0c14957ef8926
SSDEEP

6144:nwxuTLSdIefe1h4VcJxvHHtriHIjjDAICfbF+yJ:wxu/yf7inF/EICTs6

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se29

Decoy

aquabio.xyz

igocargotx.com

eddirasa-dzair.com

seguramenteseguros.com

chimitles.com

coinconnext.com

bjrndaehli.com

hbzxksw.com

blacksoilcompany.net

marcheluma.com

getsmartcars.com

optempoinnovation.com

r3412d7.cfd

mhamiltondesign.com

peak-competition.com

lashenji.com

rebfpsh.cfd

ugjbbop.cfd

binalongbaybeachhouse.com

lyndseypf.com

Targets

- Target
  
  5e642e91516b72121ba30456c103234eaad7895a69929a3b35f0f540a6b8c6c5
- Size
  
  241KB
- MD5
  
  671f622caaaad9137a2eb0663ca0ec70
- SHA1
  
  f93256448a08355dccb1f3348e435f997a8a2319
- SHA256
  
  5e642e91516b72121ba30456c103234eaad7895a69929a3b35f0f540a6b8c6c5
- SHA512
  
  46d9dcd869d919e03c032ea152900f8463298a90cbf598b31c6eb2e6a60c006fd03a2e5114402e69abba84da1dda724226b207a86380746403f315302f394977
- SSDEEP
  
  6144:rGix6Ah4a/KCdg5GfMF5PPTw1hTbqWDgCKz+/cIGdwxWa:N6S4a/5dxww1hCWDjCyG+n
Score

10^/10

formbook se29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  lsyvak.exe
- Size
  
  5KB
- MD5
  
  665da445aa2fbecbaa1750cac3a263a4
- SHA1
  
  48b6e12c571d12c18f44516f74e0548f8289ade2
- SHA256
  
  1a41e1aec75c713684245dc5235fd61e70d221d01b44a1dd9dc065578bd21670
- SHA512
  
  722e11f030555c065124034f52d2ce1cf078996b8493d870caa67ff99d9a723fa4a7c9d0bdc6dbd026a38522fb4aefbcf6ec35ffc9bcd013ab357454eefc2169
- SSDEEP
  
  48:SIL+El97M8HDda9lnhttxQaMYV7lRkQ2PBTkjfMURuqSPJnhRhR:Ham3HDdWYBE9xShR
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4