formbook

General

Target

JaffaCakes118_cc1c62b8dd91838972b7f45c0d442b471474e8acf464500a491e839fea047423
Size

709KB
Sample

241229-awp8maxjbq
MD5

4d2a360e768110131eaff9a8767e89c4
SHA1

56e84efa45fb5813bc59c7811dad4b876ef77f5d
SHA256

cc1c62b8dd91838972b7f45c0d442b471474e8acf464500a491e839fea047423
SHA512

5a40dd0c049f5793f8bc3d5609b2cfbb7d2b525faee0e8ad5b3a86db5cda079334b156eeaccfa8d19ce37dc5cef52ef07d9c29ae557a56e3123fd5991593c87c
SSDEEP

12288:kbuLerML0R5VQ1KH9bwOjKopVsPvZXipfEWOD5qgplw/Ppvz:IuL9u5VuykOzpVspXiJOwgTw/Ppb

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

fwmz

Decoy

EVMoY7Gw+zpNcMLX

eXADD4RePMOo+0RvOxjO/Q==

HUAzaMufWaVUl6RcbC0gPiu7EQ==

2M3iedmKTSWi8D5pOxjO/Q==

heFzVamRKfl1dwTLbA==

fxyeUGblrhj0MlLfOxjO/Q==

6jEARb17RJQKRJHIYB3LD/+9

3htk8zHUxezkKDA=

Sj1Hu/6kYE4HhsMxSAA=

Zq8IzvjIWeB4+w==

eYiQ3SG7qOzkKDA=

PZMa7lsB2+zkKDA=

aXEH9k8N1q1jdwTLbA==

7BdtDGwYBNOP0i4Bkj7+CPXsCUv6

DPnyLItdG2EPaIItUfICLLc4zvkWHA==

FyEvlOiOVMK3GHUpuVYJaUYbG3M=

MjnCgM52NPlJkaBLbxzLD/+9

1cXQN5JaL3gcY6Z5j1AYg0YbG3M=

39ReTLB4YOVaoSfqmhc=

oP/Fwf+hYLx8ftOlwlU6Iy6zAIHTFA==

Targets

- Target
  
  280dfcc65a689143d9976fa88636c45c1dee63190a20ef72612d384635a22881
- Size
  
  1.1MB
- MD5
  
  d59b57c9148dca2f692fd46b87d5cfa4
- SHA1
  
  02aecf7a03667332c65c998030754f66ca95ae5c
- SHA256
  
  280dfcc65a689143d9976fa88636c45c1dee63190a20ef72612d384635a22881
- SHA512
  
  5ae30d9855d7792cb3a6baa55ec33c9aaf0e33c9cb516b6f509d8febaaf73b6ffc498b84f00f49f88febdd064d87886ccaa08fe85e5c6d22f37248f94686f48a
- SSDEEP
  
  24576:thLuyybqu13JvG47hloOmxpKTFfP/9hnZs:bLuyybb13Ju47hEpKZnv
Score

10^/10

formbook fwmz discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2