formbook

General

Target

JaffaCakes118_1e1c3e81871aa971c27e43199a2c020fa7f7f5727e2ef88a041c0a81038af471
Size

133KB
Sample

241228-2x1jjatrbz
MD5

aa32f8ac86db63b3e4425d3a2e3e1859
SHA1

f4ab20af16e922cc472f64569efdb3dd573863a9
SHA256

1e1c3e81871aa971c27e43199a2c020fa7f7f5727e2ef88a041c0a81038af471
SHA512

3ee95c09ec1b8f2e5f1429aeeb4374a60ad3897db59273d0869763136ff121f396dcca874d51ff76026f4db7224d604e1a87895377f8212374500df9f600941d
SSDEEP

3072:I1xYOPCKy60HGgUdACbdcZOT+e6f7fihQTZORqKS/Wl:IbfPCKyrGgUdACbmkTzq7VcUFG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ht6

Decoy

sjmurphyconsulting.com

trumpshandsoffmybox.com

jiazhoulighting.net

gpssee.net

wanhit.com

serioushaulersltd.com

servbizz.com

livinginroanokeva.com

inttech.site

mirokublog.net

hexagonner.com

advokat-ternopil.com

gtybs.com

pothosautomation.com

keralaspicesbuyonline.com

zzbys.com

ridingthepct.net

16helix.com

basstardbaits.com

windsride.com

Targets

- Target
  
  encodedbinary.exe
- Size
  
  181KB
- MD5
  
  17932b163a4972e3a69c505092c33214
- SHA1
  
  82260cec7e632c73200a5a851e3157461524925c
- SHA256
  
  72c11369eba9b5dbfaee02890ef965bb4640996534851396b9e02e38d4915801
- SHA512
  
  0d5af6998b8d2dce62997d356d077cf0897c0740997e4f403f9921e8579a343a2b6ec1b730215f496847dca8e1fcdb90e701f1e9338e73fa95fe29c92e5ebb4e
- SSDEEP
  
  3072:ajPg70LZf6mSQGhN0Ko/UF6FVvq8hY1gHc+oWAwKmQwCXyQd:EPFJahKKo/a6FhqUYAZBAwK0Qd
Score

10^/10

formbook ht6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2