formbook

General

Target

JaffaCakes118_96f54c33d2a1c8b2626cf4389d06e90989618ac26d5d72bc5d04c1f45bb37dcf
Size

434KB
Sample

241227-atezwawpfj
MD5

c92ebf6b01c4a1666f32d06bb7244d0c
SHA1

452d2d4de00cebeb567c3fda6b555a73538cf3cf
SHA256

96f54c33d2a1c8b2626cf4389d06e90989618ac26d5d72bc5d04c1f45bb37dcf
SHA512

b98f1cd5b034d3b5c593efffbcc2489f5607b398f36af940ba9c1dbf74d9d6ab53611342840c88e5a6aef89371b3c4dcbe9d459a25513576f6b21c91cced4237
SSDEEP

12288:19+5dcRxLJrr5qc1OpSk1cgimhIBQeCZ9kaGjXTJALP:1FDLpYc1CSkoAIieCWXJALP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wk31

Decoy

soroban.xyz

irfirstaid.com

irsaycollection.com

thebardownstairsasheville.com

facebookmeta.business

paypalsupportclient.com

metaversusfacebook.com

litakparuikamazon.com

rivianmotorcompany.com

metaversepro.us

ikramfamilypractice.com

bitcoinfuturesetfs.online

5donline.com

rosemount.us

nicole-steinfort.com

performanceautorepairsj.com

scrabblecheats.us

kjg67amazon.com

formerlyknownasfacebook.com

youtubeandgooglepay.online

Targets

- Target
  
  Drawings HQ30-DM140.exe
- Size
  
  831KB
- MD5
  
  948ea18679d4e41402aac119207292d4
- SHA1
  
  2bce94385943922147c83ecff9885a90be7512f3
- SHA256
  
  4dee0eaa7eac6aad2c4a7814d96babd45c25c43c43ab226c403830a5e8470b01
- SHA512
  
  bb468e0dffa0ac9ca36fd609ba9a9ffab322c86f9dd69ff11b697c93f0a796b1bb6453a1312750017295429932b211de573b39bdc2a3d4c7f1169b5d690551a3
- SSDEEP
  
  12288:OhHexvpe47IfpKzAKt5/sWFh5BhvnYjp5wylGl:hNpNkxKzzT/dh5BhvnYjp5wylG
Score

10^/10

formbook wk31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2