formbook

General

Target

JaffaCakes118_0b9a2a5a1d8492d4f5bd8737cc9ff67e2d00c4c1b815da88a471661ce4f3dd10
Size

299KB
Sample

241229-222mdszlc1
MD5

7714813ba0682ffd89d4160a77adf05f
SHA1

2088f28b99835c1ea0f4ff1632c0ba8c1a6b3546
SHA256

0b9a2a5a1d8492d4f5bd8737cc9ff67e2d00c4c1b815da88a471661ce4f3dd10
SHA512

312049149f9923f959aaa8f66e7eb31f3687871020da8bcbe06e7b6e64f7c23675335ebe208e06a96eaf8794dc78ce467f8b538fcab2d7cf98b2c6b1429f8ffa
SSDEEP

6144:N1Oe3w8ihYkB8/F+8j0/L2HhqstfjGzt8QLlVJxwbNWhVrp3oA4/N:N1t3w8//FbOL2Hhfj5O7AWhUtV

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a6hj

Decoy

unlocking.solutions

porscheofac.com

alinadaubermont.com

firstcallindia.xyz

sanot.top

lamborghini.my.id

vbncbcbcncnbcnbcnbcncnb.net

firstclassescapes.com

bestblondehairstylist.com

cncdt.biz

finkeng.xyz

unitedbcttles.com

redbaby.store

5donline.com

theonewayclothing.com

jgcenterpriseholdings.com

hairshackvb.com

thepunchypineapple.com

fm-conseils.fr

Targets

- Target
  
  PROFORMA INVOICE.bin
- Size
  
  638KB
- MD5
  
  a3b8d59430deef4d59ec0d47a60af449
- SHA1
  
  4cb4bef74a68cb9a55c8eed369a7beea317e3840
- SHA256
  
  1339a93d8ca9b03d1b55ce0d283da6d320bf04fc515a8259597c635901c821d0
- SHA512
  
  402f97692a312b8a70ea22e585f13c1c81336a1a7845202f2368622c1a1422b25f779778227f3ab4ddcd250cd496821486918a8e73f6d527c4262d827fc11474
- SSDEEP
  
  6144:uGi+jGL0og4dDiXYOg8XQ5iiRHTjO0gBzxRmpwCxkZ6W6q/Ba:A1JiXXngQEHTxgBzxmwckZ67q/Y
Score

10^/10

formbook a6hj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/dvxpshe.dll
- Size
  
  66KB
- MD5
  
  45f315f24046abc7cbe07a0f08a500b4
- SHA1
  
  5fcbdb3743ac2497181bd800622b98033e0232bd
- SHA256
  
  231d2605fc4ba8b8abed10831692542931ad6e7f647225376723cf385695f1bf
- SHA512
  
  a2df0a846c508318eb0eee02921c7f345aaaed5fcc25bee179eb092586c145b8348fb232a22a349fe2bcfa9166778c5812062ce89782d7f8fb2de56497f10a31
- SSDEEP
  
  768:6PTL7gePJuhk15raztjcwg0Jm8jYMLZdSDoeA/BUi0O281TbUfszDD3VlcwLVj:6bL7geRubzt/gyj1LZqOvRbUfsbrTR
Score

10^/10

formbook a6hj discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4