formbook

General

Target

JaffaCakes118_2fad0c1405a98d28710bc60f6c698f67551eb8ac82159809c63c954186f1b831
Size

687KB
Sample

241227-be6pqaxmem
MD5

4facf5769627a367d3a02a6298a7a36f
SHA1

12e940a8743953e101b7b807e892a888535dbc07
SHA256

2fad0c1405a98d28710bc60f6c698f67551eb8ac82159809c63c954186f1b831
SHA512

091b5258ea6ecc63d54de3a73aa1de6949e77b45320f7951f2fa26de2c1e9399ee483a6204a0b05433f52218e42dc72445b47a5946091c3303c812af95a05b83
SSDEEP

12288:gSbL/NYalWaAgyEa8dIwFeRT+5zHNDEszaBNRzvesTn6k3wodR2s4ZzRzAmDIBsX:gStFqgS8dIseRTMztDdiRLsKwodR4Zlh

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gz92

Decoy

ayurvedichealthformulas.com

plazaconstrutora.com

nat-hetong.info

eapdigital.com

ibluebaytvwdshop.com

committable.com

escapesbyek.com

mywebdesigner.pro

jianianhong.com

benvenutoqui.com

beiyet.com

theartofgifs.com

mbwvyksnk.icu

nshahwelfare.com

hhhservice.com

thechaibali.com

travelscreen.expert

best123-movies.com

leiahin.com

runplay11.com

Targets

- Target
  
  21 de agosto Nueva solicitud de cotización.bat
- Size
  
  910KB
- MD5
  
  14089f35edb31d10e2e9619ee5008159
- SHA1
  
  f75f2aec3c32d5fa43ce9861d273ea9762fa8386
- SHA256
  
  d9993a3a31c12b8f8c15f571680a14fb426e28ecd130430a93e3b3cd34563ac0
- SHA512
  
  7e4a759ca47f8dadb42f39e51d5096a958fbe659ed67c344109c086f36942fb1c5609547e721798ee8505ca13182145d87ed65af5b1069c6c44ec35cc0dd7e2b
- SSDEEP
  
  12288:CG8Dc9F3nC0Py3gAhvKWi/ZDPOB/fXgGgm+hWVqpCyyPqqFizttIOIFye2YX6TZd:CGqi/ZYpq/CnFQt5Re2A6TcYCS4sfD
Score

10^/10

formbook gz92 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2