formbook

General

Target

JaffaCakes118_df43aa0e11025c4cd7c81411e76ff2b178c9a8ce0f608e21192dbb028c282a11
Size

463KB
Sample

241229-c499wazmdz
MD5

af4a72009450200d12c163a1e05567a8
SHA1

02a3c9fc8c264bb4453369841a4171807a039145
SHA256

df43aa0e11025c4cd7c81411e76ff2b178c9a8ce0f608e21192dbb028c282a11
SHA512

e880964b7504ef742c3026dc347baa930855ca227a522e2454ea4fa967a61316df4ac97c48c15d216f1ca7530d48aced5d82378fae85f8f0bf223a6faa776217
SSDEEP

6144:rwTRCUJenqG7MZJTgMlM0ALDOytHWz8j19Gl9lL/JYbWqhymEwiovbw/D:ECUJuKZJMsrCqytX6ldYdxEp2wb

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g0i2

Decoy

gwynmyers.net

nomonosound.com

rickstaxi.com

sana-adliren.xyz

leontyneapt.com

utorenty.com

uanuhb.space

commercialroofingpa.net

evroprokat.com

camisasdepolo.com

xu6fxyi7bpcf.xyz

punabutay.com

chouati.com

furrylamb.com

oceanmont.com

appregisters.com

badakoutfitters.com

arenative.com

jsboutique6.com

wolfinjuryattorneys.com

Targets

- Target
  
  JaffaCakes118_df43aa0e11025c4cd7c81411e76ff2b178c9a8ce0f608e21192dbb028c282a11
- Size
  
  463KB
- MD5
  
  af4a72009450200d12c163a1e05567a8
- SHA1
  
  02a3c9fc8c264bb4453369841a4171807a039145
- SHA256
  
  df43aa0e11025c4cd7c81411e76ff2b178c9a8ce0f608e21192dbb028c282a11
- SHA512
  
  e880964b7504ef742c3026dc347baa930855ca227a522e2454ea4fa967a61316df4ac97c48c15d216f1ca7530d48aced5d82378fae85f8f0bf223a6faa776217
- SSDEEP
  
  6144:rwTRCUJenqG7MZJTgMlM0ALDOytHWz8j19Gl9lL/JYbWqhymEwiovbw/D:ECUJuKZJMsrCqytX6ldYdxEp2wb
Score

10^/10

formbook g0i2 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/typatnczxs.dll
- Size
  
  194KB
- MD5
  
  3f87ace1c278b0bc50d2322d6e6cf088
- SHA1
  
  d91d0f54a8ecdcf3ab9ee15e84669eb4fa18d5e8
- SHA256
  
  d49a0bb5abe0befd75a4f20ca92c28ba3a4d4828661ad103029f24487c3ae0e1
- SHA512
  
  2b21bd3e2ab0161d7f28dd04119fdd3c7b2fe80bd4bfb733a3dab6601997ca428126bf77bbb5930a963c64130f344a6fa9a64f8a7a228302e2a59331634eff02
- SSDEEP
  
  6144:1UtJEr7KQNzZ/vDXqxnfNahvFp1cck4X3rm6v:1neYFD6TG9pjni6v
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4