formbook

General

Target

JaffaCakes118_7e0971e60d9f863d284c4cf2d4318ab2b1d4c7920e64956fd3ad47a9ccee2527
Size

817KB
Sample

241227-b54ytaylfj
MD5

c48f5e686a0667f40274cbca46b704fd
SHA1

9bafaa6d8a671eb51e446c1bc4928862f4ba1baa
SHA256

7e0971e60d9f863d284c4cf2d4318ab2b1d4c7920e64956fd3ad47a9ccee2527
SHA512

6ef5f8a9a7e2a09f7f4fa8e75b63da4ae28809e17f5876e1db40f05e0f7863ab9686c288ecd3df51097ca58cad8c1eb45453fead856fc069fbe4c4cbfc6aa8b2
SSDEEP

24576:yK+GxkS65Knvqr/HQBSATLkaFgww59FjS8KJaoZ:z+GKSYDwgpwgwwLFjSrJaW

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

scr3

Decoy

IHJ9JVzAYK2EdGsB8Q==

tQQl6U7e5rfQ8KVIH41w+Ic=

FYieRjtFwhOhFFSvVIpQ4A==

jKzNCXBNZCpMdnVKatuN75g=

i3wz0asEojI0KuzYp62sFM46UQ==

+iRIHQcTwlOWHYJM/T+p

6JREbp/z4sLyDvm6o+Y=

ydTX2x/IbuLKFF2xYR21

ouHaYURXoZ4tl1L48w==

wR1dgL2/bcttD0jXvGz6LPAY7VzIJrY2Pw==

FGKSZFtrGYYVffi4Qi+596QMmWSffQ==

DBsYMHBNyDPhjzbtq1bmGcYJ1oSs

RJfO+Sz4BOOszYAh

zqxB4ctdj5LoqXhh+w==

WQSNj7gOui405jUyP6Fe0r2yhAg=

iLTDyCL/HR5tVfm6o+Y=

fiq4ygBd+0nXWpkGCwPKXEF+gQI=

2m+ubVwwh0HfKw==

KlJtjJj0jAkT0Dc0Cymh2L2yhAg=

SqLAZpjhRaSrYIJVKTCy4g==

Targets

- Target
  
  a0bbdef47b7dbb6df230758ba5021e2ae60acf37de54d987681c503828dd84d2
- Size
  
  1.0MB
- MD5
  
  2cf26b9ca6de978134bf34e881525e73
- SHA1
  
  3f31fde180f01c1f2cf4976f38f6e142268feb92
- SHA256
  
  a0bbdef47b7dbb6df230758ba5021e2ae60acf37de54d987681c503828dd84d2
- SHA512
  
  99c306ce84c9bec9a27a275a514597a0e1773059357e41105c0f769365666c7298bcbb5038a45492975cfb3ee2965e057b30b63243af911f3ded03089cf6b84d
- SSDEEP
  
  24576:lqco14WIVkJPj6Yhk5Ue0uO0gAELPvLvpSf:lqrGt+JWYhk5Ue0uO0gvr
Score

10^/10

formbook scr3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2