formbook

General

Target

JaffaCakes118_c608afab6ed74b6138b2aa5a3e536c4ce028ae0680cca9f76cdbe78ae46ec027
Size

506KB
Sample

241227-b3pq4sykdn
MD5

756f647530218bc9cb21dd85d3ec9677
SHA1

b54fb81c9a2405e2ca2c4076b15522901eca9873
SHA256

c608afab6ed74b6138b2aa5a3e536c4ce028ae0680cca9f76cdbe78ae46ec027
SHA512

f6a91385acd93dfd136289288f41b481f35814dde5a44ea2b1edba604fd31c52cd71a90690eefef0822a791849cffbca11183692a7d1055830ee7b8a09a841a0
SSDEEP

6144:4FBaMdO8KKQvWaXx9xGCUy1OuswmwXJZVLLOkFsXfru3Bdv9GCBDYM5p0BstXr04:tEiKQ+aXx2Q0obLLzTv2M5OU57QvkARq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zs84

Decoy

kubet66x.online

webtergabuak.com

searlont.top

mariammacghey.xyz

iotcs.dev

soulserenity.online

coop-santarita.com

xn--emagreacomprazer-hpb.site

suistake.xyz

oanavasiu.com

cornerstonepartners.us

rexgrocery.store

4walls.store

kinako105.com

ednateixeirabrand.com

6735468723.online

erin-watson.com

merop.online

evidentexchange.com

1wxba.top

Targets

- Target
  
  sifariş n° 5600885643.exe
- Size
  
  520KB
- MD5
  
  f8af21f5e6bf374da4096d72e177e639
- SHA1
  
  6c103339eaf0b787352326a6a801d5ae9d6d0000
- SHA256
  
  4ef2bca501b3ffbee1ba497670fac37c1a2a27247aa48a955228eb0fa2810120
- SHA512
  
  e90e298204845519f9c272f857669be6f98948a92b28ba6f063b592bb2898cb18dcc228c243d3601f38c07df9b09f49d80b0700eadfdf909f01f3f2e33835fb8
- SSDEEP
  
  6144:rHd/9YLC4IDSVtYIttqwFIWkjrLPMAFxJca5MClL6Y6N5pOvRu9+x+zTzV7:h/2qyYIttsBx/2S6YrvRY+Ip
Score

10^/10

formbook zs84 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2