formbook

General

Target

JaffaCakes118_1218c859c65e22d750a8c9c22df3d6555775b91a5ac797b85e70e3c123a78cff
Size

274KB
Sample

241229-28re1azmhp
MD5

a06b8836dc47d60bcc85056cfc8178b8
SHA1

3cac9e2d16076937f6dc1a0c1364f874103789fa
SHA256

1218c859c65e22d750a8c9c22df3d6555775b91a5ac797b85e70e3c123a78cff
SHA512

19fdd81796e62cabfc14a6b77f1365c485bed02e274fff24952c02f8a122a10845240fb44e37f861e5cfa87baca6edd351feb762d392b750b8983c2e08291b44
SSDEEP

6144:/8c7/osAdKXh4tiBMzGVHgJxbEqcIVdVyWFPkKxzAia/:/8dsAZiBMqSxBcOcliO

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s1m4

Decoy

fritzimmo.com

seerefugee.com

f2ymj6ud.xyz

benchessell.com

annplumb.com

malpha.online

thebengalsking.com

ulctuscaloosa.church

fotosenrutas.com

lavishyummyinvite.quest

indielanguagelearner.net

tibbattipula.com

sugarbabycones.com

dxwzh.com

brownsfinancialllc.com

63838.xyz

esscentsbyjhai.com

therunningdoula.com

63693.xyz

ccchildrenscoalition.com

Targets

- Target
  
  c657108efc3f78a3052d15e5f2e8593181566f45c2c3e3316437bf7d6632095c
- Size
  
  434KB
- MD5
  
  f6666d2dc66bf27af205c487c6a017d5
- SHA1
  
  639246ec825c9353bb22842de1b9411e53be2f35
- SHA256
  
  c657108efc3f78a3052d15e5f2e8593181566f45c2c3e3316437bf7d6632095c
- SHA512
  
  72bef879fb5e924078f7af3808f026ce587af4d0abdb60a84696eeb147c79a4b4d6cdfbb16286657a80ae42f9ffdac78f0d61aa869cfa2c9809795504085af4c
- SSDEEP
  
  6144:qGi4U177myi8hHrVAn7PuzIuctvYWKJFa/ft3a7CfzeE3Nw:R87c8xVy7GzxugPJM/ftECby
Score

10^/10

formbook s1m4 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xzzepj.exe
- Size
  
  56KB
- MD5
  
  0a4cb859a673483a1f5612365975a485
- SHA1
  
  24ae60a57e5a374944c30351d898b5c1fe508c38
- SHA256
  
  ab0d73765ac2310f6401074f9a7d16fb30e32c2b188cb47697d9e0fe0d3ae16c
- SHA512
  
  9756bc2676adc754502f9d290242d71f62ee456ba1420735f78fc514783e26bb97acba1ba74a7921930faba2c55551c14b62b34b54658ea8da4f02e60ab08563
- SSDEEP
  
  1536:fQgl7RYVV2MG7wSRuNpGkJwG5hrqcZljqQHEgL7ZT:fQglN5jEDDhWc9rjX
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4