formbook

General

Target

JaffaCakes118_748db637949a17a8b9267e3c6dd789ada3ba9067427f6abe22738655d9086453
Size

739KB
Sample

241229-13gsyayjhw
MD5

b7b913f6309bed654c6e7fb2f498ac9c
SHA1

fea11e90694882676191a88a822a8d740bbdad29
SHA256

748db637949a17a8b9267e3c6dd789ada3ba9067427f6abe22738655d9086453
SHA512

0a879c8b3bee1fc44f90bc450ff4955370f8f8f964ed1797808ca19856157b9a6cc3cd41098562bc1cf2ebe486e8ccf0b56508996155e1f74ed177af20ebec18
SSDEEP

12288:r1w0eoCAoUD7ZLIIxuUB0ElOB9uoC8zWnEZjQTTs0EILugqj0QA4z5bkiS1Mopwg:r1He8zLfxROB9LCE5doQA4z5byWjg2s

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dtn

Decoy

sapphirelingerie.com

lsleep.com

mymemama.com

meatpillows.com

gifts2loveone.com

mydalmation.com

hvacsense.com

corr-new-001.host

extremeasset.com

yevhenia-fitness.com

waiwaizhuan.com

sczydyhgwwgc.com

vdddlqhqj.icu

befierce.today

targetkitchen.com

btfjx.com

siteoficial-compreaqui.com

spinecorcenters.com

truestrengthcoaching.com

truebluenetwork.com

Targets

- Target
  
  bobbyx.exe
- Size
  
  943KB
- MD5
  
  c578ab7bf915d54643e598c11c9922ea
- SHA1
  
  641b517407aa07cfc70535dff27c667f6f104585
- SHA256
  
  16a6d8b24f3aeaa9e7612b8dec2f4c67332dca369774ef8200a076716f89defb
- SHA512
  
  3d6182d73242910be74be87b6b5fe9375b34dfc20ea1e66086b72c094beff01d931305121e6218c696f82c3b97e4d4b820ef5df045cc601326b5bc20e2902b5f
- SSDEEP
  
  24576:hM8VvGeIup/oNMO0q70ALHbvD4WL4We47y47nAzVWI:JCX+O0qIAzv4WF77X7nwW
Score

10^/10

formbook dtn discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

CustAttr .NET packer

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2