formbook

General

Target

JaffaCakes118_eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925
Size

133KB
Sample

241227-aylm8awpcx
MD5

0871a401709aff12e85f8ea37f5c2625
SHA1

d57b089fccc6b1938a583d3675b5232de8a56a5e
SHA256

eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925
SHA512

76ffd1cd879c59aee1c609525c5e034ab35327684bd935701c7b88a1faf3ffb6cd9885d77102348a43665dcc554b79de2d45abe2e1d6a7c5e15b2a04c97ddc43
SSDEEP

3072:Ml8IDdB1PQ6QuhfBGpPejYe+UJNMH/nu0DAjpAFByfC33tQs:MuEB1PXzGpPaYe+UIHm0DcpAPf3tQs

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zvf

Decoy

slimytrout.com

ericdykema.com

pennystanwayart.com

auliawijayadecor.com

iyundun.com

postforearn.com

xn--4dbaigbvbe5b1a.net

fishhousemarketandgrill.com

cqweb8.com

serverauthcheckmate.com

betterulasy.com

karenhoverrealtor.com

etigia.com

yinggehong.com

brandprtex.net

pusatcpanel.com

reidec.com

ajscghy.com

tvdajiang6.com

freightlogins.com

Targets

- Target
  
  formbook.bin
- Size
  
  181KB
- MD5
  
  ab063fa349f25116b15276ad1e2251d7
- SHA1
  
  ddcdf4314f2c187d04a066380d97959e62c34dbd
- SHA256
  
  dc769e89feccc886334377b01f29dfe4b36c3266c2df8c88ca704919d0b1b938
- SHA512
  
  98abbe10c466b8798093963a479fd8bffcc8027feb2be361a092a98ea32f4960a1dc0e14bbd606752db3950fdb84b17763c81db6911390c88c91fbbacb56687c
- SSDEEP
  
  3072:/qpUoiXhkew9hCgu9gbxNkqqh7vIu+fiL2+TLmym/yyA2jh:Dxtw6gOuxaqqh7+aKsCymqHwh
Score

10^/10

formbook zvf discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2