formbook

General

Target

JaffaCakes118_1f127ae580242fa71117f8069a5b8751ce56087331192093663d85170401bc26
Size

542KB
Sample

241229-3vrdhs1kfm
MD5

db143cfae5cc43ea434082b14b697e52
SHA1

651f6877901ea77e489bbe9973083aeada4fc82c
SHA256

1f127ae580242fa71117f8069a5b8751ce56087331192093663d85170401bc26
SHA512

17ad7f1c4302e3e04d72a4ceccb770681d741d8369152f4c60848e05f4742b7d667ec1a11ef73fbeae9c0c10e555a79097369f7e91a643310166fb3cb26ea1a8
SSDEEP

6144:apgJhTz0vD+LokXwaCy8cA05vY2tByaFnp9PbsLF6GHIx4CyGPlwZPXLK+oOO6N+:pAmokXjCAzvY2/NFn2vHITwXGt6T4

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

cqd8

Decoy

9zPItsSBQPthH0B1

iyz2ugC7TUMEaZEDDTNIzw==

uVc25zCFO03zbYzHxXLElk5HHccFoes=

RYDZw1su7yszucXjwqtgrz1tSccFoes=

AiB+KfBdDLRFs8sOAsmAllKZeg==

w5T7/Y1lNGBeMdKkKNl8tUl3fTWjlURG

mcIHqPCaEavSyg==

YA7dyN6xKf1MKJa/RA==

Dt789IRVd/fO8FeQNOiV3g==

jYfu3dS4b/1OL59exnPPEo4=

SjyOSKD6lRhpWwUmMwE8ncB1KOg=

JIT782/TaO41DXw3hYJa1g==

uT4u7SwA+3yA/iCo0O7tHyeffA==

/gJzPfngDySzwndmyHPPEo4=

+Um8wD7b9bCQ8A9cK4Nl1oA=

RaikVqx5ozxW3vd6khgIHsDMgKrv

hyYEyRMIEJ8WdnFePeLgHyeffA==

bCov6raFJ30odm5fJQQ=

1rMMrXrTf7OZqyLVM708wZ0=

U4nspOC6sJ3et2I=

Targets

- Target
  
  b7ab1380649d7f31d577bd69980baf9d97274c95fab12936befd6c3aa12b7fc3
- Size
  
  734KB
- MD5
  
  9c742946914ed5e32ddd328e3d6419b9
- SHA1
  
  c59521d2681504beed0a5a692119471ef3cd5643
- SHA256
  
  b7ab1380649d7f31d577bd69980baf9d97274c95fab12936befd6c3aa12b7fc3
- SHA512
  
  b0e88c7ab34a34574ef6c688c703b03e4744ba1fb8edb2bda488dab920b892223d39dfab41f4828772dcec4ed5a2ad6000de55437f77285347fc980e9f6786f7
- SSDEEP
  
  6144:Z2WvsajJQNh2B0B66GfLIG51eHmNIRT0yPluQaGgZdbCSj2Z152TnsU9OrXLRxIl:x4A0B7ysmOT/luwgZ1iZ1Ks9rRtaiK
Score

10^/10

formbook cqd8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2