formbook

General

Target

JaffaCakes118_a67beb83edbf50035fd19811ea92bf5454940f413a16127dbadcebce0a4dbbb8
Size

230KB
Sample

241228-3xxcjswjdv
MD5

a1a2ab5af8feba34344178f9a04a3356
SHA1

1456a24d918d5ca9613e474a7568b9da6161847c
SHA256

a67beb83edbf50035fd19811ea92bf5454940f413a16127dbadcebce0a4dbbb8
SHA512

ef2fdab49b2544f28f75c1a00a9d08f987f008a36d665ff753ec2a611a51c7d844caba8da8f3f74bd50355bd756dba40135f19dce7572f575243dd322f39b500
SSDEEP

6144:7MKYHiSe5HFBVwLbfmCYmUmnRrtwtT++txlky:Q1HFyPWbftRrWtK4t

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c248

Decoy

cryptocurrencylasvegas.com

bestideas4u.com

throne-room.com

cooldow.com

czysys.com

inspectiqwqep.xyz

99nb39.com

awfullive.site

europeconservative.net

minmiblog.com

www588846.com

wakeel-misr.com

8trtrt4.info

vigourvision.com

kaitransitt.com

mmarco.art

inberber.com

m-bonvoy.com

rychlasrdce.com

engleses.com

Targets

- Target
  
  41c0064024a8db4d8fb515bb08fbcf94125b77334b829d5796c60a8d34419e6c
- Size
  
  289KB
- MD5
  
  c6984d665bbfc479337f2947155909fe
- SHA1
  
  333cfe3998a2035c524221acfb37aa2594734f18
- SHA256
  
  41c0064024a8db4d8fb515bb08fbcf94125b77334b829d5796c60a8d34419e6c
- SHA512
  
  0a1d14a6a6ced704a9af9727573a5aa6de377ac539ecc8db33123d7211c95ba7b4f07aa6a12e1572a4f905973d9b4fcfa1e926f9fb473727593a6fa0eef5a574
- SSDEEP
  
  6144:lqwJX7MRbrk0eOJia/QfL+xPwYkf2HQ8lQKFCcVx98aCPUjtE:nJXwRP3IaYj+N5kf2HQ8lrH8fUj
Score

10^/10

formbook c248 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2