formbook | 38c59ba61fb5ddf358ba31b75eb6a4d7727b1d43fa64f48ecd9aa89acf947b7f | Triage

Sharing

General

Target

JaffaCakes118_38c59ba61fb5ddf358ba31b75eb6a4d7727b1d43fa64f48ecd9aa89acf947b7f
Size

1007KB
Sample

241229-3htywazqey
MD5

f44e801f82796026a2c9bf459a52816e
SHA1

93b870fc08d12924989ac1e78dc0bc1710bcab44
SHA256

38c59ba61fb5ddf358ba31b75eb6a4d7727b1d43fa64f48ecd9aa89acf947b7f
SHA512

8fb48ae13c579197d6f866b621242c051098ea78d3889285d20d9069335a181f42195214ae8600c0821630e9810b8b6160caaab432f5c06477284a25c5a692cf
SSDEEP

24576:UTNhJEn4s5LAZK8Sj+ht43NmwC5xAVQ24Pwmf:0hJEn7c3nD4OSQ2a

Score

10^/10

formbook c23e defense_evasion discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c23e

Decoy

chandu4u.com

jeniusbank.co.uk

electricridesboise.com

streetbriefs.com

mdcsweb.com

czsaj.com

hikz.net

vcel.co.uk

cosmeticsz.com

nickatkeson.com

nilas.fr

goodstaygetaway.co.uk

591easy.net

kryptonapps.com

heveany.com

londonphotoworkshops.co.uk

quique.website

cointwovte.com

foodmie.com

silverdropsofficial.com

Targets

- Target
  
  Report and Contract.doc
- Size
  
  2.8MB
- MD5
  
  2020683c0740feb8c7a41ea70377b7fc
- SHA1
  
  326a0155051677653084e841125984b63b30666a
- SHA256
  
  3a0b5b12f26a4751964e2660ee62d20b192e00a044cd322f6867acfa25e341bc
- SHA512
  
  b550381f4874e6d0d5d8e7af708f4f122aacbcc1b29fbd7dd528751166591458f1bf2fc725714b2a771cd430a8a02a99999df4a5fa4ee3f277137f2bf7263431
- SSDEEP
  
  24576:l0wKl7r3ezbhrC+1J5nbVlvTagtZwAQd5CTkY7PGfk/sGvidzy5AghAoDmqaepIn:O
Score

10^/10

formbook c23e discovery rat spyware stealer trojan defense_evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookc23ediscoveryratspywarestealertrojan

behavioral2

defense_evasion