formbook

General

Target

JaffaCakes118_6f832e96aa50ce6c2ca898a64c4ca8cf30325686011e455692789166428aca62
Size

340KB
Sample

241229-3cgflazngr
MD5

1b198d28334f5e90102772104a3f9357
SHA1

cb49ce91ded970109ca5a6c14a4058438d58f126
SHA256

6f832e96aa50ce6c2ca898a64c4ca8cf30325686011e455692789166428aca62
SHA512

5079790993675b74523a230400177c7f4314388fbfce1cfa949e1effcc7a7342516bbb559a7053d381b493c810f69f3d36f4b19a576df0af76298a66e57d3410
SSDEEP

6144:8sDGqBfLxjA3qZUevkBwf8fl4FRtjucXvMqfz+rcKeWTdKcMSX2Z:PflxcSoBwEgRxu2kqfz+h/UoS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

fa96

Decoy

ibigpanda.com

sobac-cloisons.com

jncmls.com

bluntntrue.com

xn--6qxt28f.net

pgschlumbohm.com

houstonstrong.community

bowtiebakeryco.com

violetvanilla.com

key2fresh.info

marlaneonline.com

formallyverified.com

bestbuyiptv.link

moldaven.com

servicentre360.com

valuecodecouncil.com

marcosnovaisedaniela.com

intactmm.com

demasrealty.com

webstar2000.net

Targets

- Target
  
  SwiftGPGN.scan.pdf..exe
- Size
  
  498KB
- MD5
  
  0f9d503be0f7cc4888401da654b38c91
- SHA1
  
  f12bd616f128393421fc5b5cd0b677029660ef28
- SHA256
  
  8ef633a5bcdb8ba341e82310b6b1a4b1684120f60116d85f47f50a9acb9f9060
- SHA512
  
  22255fd6ad3a546844b160640e21a326e9e15536b918b2e3ab9d28c37b2389d9d77ce7c63149a601440a2d611cb33231fd0492b96513adad74cb08ff96eabb39
- SSDEEP
  
  12288:gy7AfWqC2Dw2iNq2iNIFO9zSUASdSNKF89rU:gk1I1NppAPK+9
Score

10^/10

formbook fa96 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2