formbook

General

Target

JaffaCakes118_4e953e5a71ebeac5869f9529fddfa9830eab334596139bba993df620523e8b2f
Size

502KB
Sample

241227-apcnyswmdt
MD5

f86916b89266daaa7931ac75e88f43f7
SHA1

c1ff9e0a6335cd476b96affcb363a8bfb6af93d0
SHA256

4e953e5a71ebeac5869f9529fddfa9830eab334596139bba993df620523e8b2f
SHA512

c81bc508488bb52bad1696b8df03022709ed02e13613f25d6e4119f2d1b6605511dee25319363ddccd54f7daa1ddc78ffee1551dcb3f0e9b97861e182fbcc37e
SSDEEP

12288:/pGTEHClm87udBlHjo3XsX0A/OL4XYTbkB:xGoCxulHjYsX+VbG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g4m1

Decoy

detect-guide.fyi

ethmetaverse.info

21centmasks.com

statemint.network

decowonderland.com

phairrealty.com

drhillda.com

wir-koennen-gesund.info

m-cloudplatform.com

baduapp.site

trydextrus.com

unlimiteddecorations.com

zagfundraisong.com

gaincapita.com

przemekkulik.online

joshwiliam.online

k8worldcup94.com

soobanhaider.com

dein-hochzeitsladen.com

chirpvision.com

Targets

- Target
  
  Facturas Pagadas.bin
- Size
  
  536KB
- MD5
  
  ad3b7a36fc62bf369b5c563d2b5db945
- SHA1
  
  3e43c14f9e010f1bcdcce6618f9ca5503de08579
- SHA256
  
  af0af3ebf3ac231ad77dbe4cbfa0fb2d48312d4ca0b5431081046ab09aa3b552
- SHA512
  
  2de28e6d8dff912a57e958ddeea51876cbd10e448221807837b6ba6a592acc70434d3be7f1695e3651ea6c2483d0cb3220be96f5e93b1be3f5234b1e5060e811
- SSDEEP
  
  12288:9IdemtiK5oBfZQElcqE+RqFoVnQ1PSYNsEOmuBE6rp:V+FoBfDcqE+4FInqPSzmf6rp
Score

10^/10

formbook g4m1 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2