formbook

General

Target

JaffaCakes118_d90c8f08a6b5a82b6efdc12412194291256d8a7e9d7c82aca11f593153a4b669
Size

235KB
Sample

241227-b5wmfaylcz
MD5

3b43a045ac730678e1091c2f57b59fed
SHA1

074e4357aef192fff5ebbd0c9cc62624cd9b0034
SHA256

d90c8f08a6b5a82b6efdc12412194291256d8a7e9d7c82aca11f593153a4b669
SHA512

5603740fb580eef27a02b49b78da5fe9ccb9f5347d69454bc8063400813eaa4e2866a9042a66d6e6f5124e541d8fb1c6ba08a1ba8823b25eb5760bae42531883
SSDEEP

6144:rp8Mg971WU0JhdHh/PbWCQNhJQbHivsoxp1FTT4mJ:FrgCU+hV9PSCchCbQxp1NT4O

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  a9443eaa7d2d6dcb3c7fc77200c340bdfb7acba3f77aecbb5d07c0f50b5e1ee0
- Size
  
  248KB
- MD5
  
  60268126a7a5c0a03358e7acb155753d
- SHA1
  
  6aa7f8495a0498d437c0a1255d31e1f85a4045c6
- SHA256
  
  a9443eaa7d2d6dcb3c7fc77200c340bdfb7acba3f77aecbb5d07c0f50b5e1ee0
- SHA512
  
  51c376341b15a3355d5e9b427b15d6552a332d2b5fc5934e5705db55d1106b77898396291c4b56ca05c3e00e0479bcda61a6dd354e19d855717fa22a3cc56979
- SSDEEP
  
  6144:HNeZmabIvllTu8EWvbk9Xi7asfYqGcWsL6Rq8:HNla0vllTuWjSiWaWsLiq8
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  kruxx.exe
- Size
  
  78KB
- MD5
  
  72cc5689ff61af5b6ce2ad9ab8e87695
- SHA1
  
  b30d786ff2e5ad9e916f188ecb463392e8ba75f6
- SHA256
  
  16e225b10cd5bc64956c75ac0fa201a37127badec00a33d9b4d5ad0b76e26198
- SHA512
  
  b3974b38475f39def30d4f9cadd4e6c3387f4296a75352bd88cc1f98f1adf9959eec06b1bf9d9f3dc4c0c14baf758ba9fcf8705ce3256a6487afb50afa26bf94
- SSDEEP
  
  1536:fvjZ5WkZHDJlxTM/e3YngleeccAxSpsWjcd6E//t:F5NbPY/IxAQWf/
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4