formbook

General

Target

JaffaCakes118_5e97613cb0491ba041dd3e94a510578afbc306a5b317c3441b29cd73e6a10654
Size

744KB
Sample

241229-c81k8szqar
MD5

615ec942fd7743cbccfdb6759c437126
SHA1

f6f39053da5960ddf31513ac7557d24e5c5dcf94
SHA256

5e97613cb0491ba041dd3e94a510578afbc306a5b317c3441b29cd73e6a10654
SHA512

0f4e2349f9c02ed22dd809d105507b9f946e42096e781e5600573db7e15b4a11e9f9d2c28b99c85711d5847bc765890de145ffb3428bb33dd0f0a08b92279561
SSDEEP

12288:24CwU9fybitVS4GmbkCtafSNO/qhtYkmesRyoyB0dvJ1QJafjZJVOK:vCwU9fybit3GOkCMf+O/mGSsRyl+dvJX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

ow9vyvfee.com

alvis.one

mutantgobz.claims

plynofon.com

southofkingst.store

nuvidamedspa.com

coffeeforyou56.com

opaletechevents.com

momobar.life

abcmousu.com

learnicd-11.com

tipokin.xyz

kahvezevki.com

suratdimond.com

oldartists.best

infoepic.info

mattresslabo.com

skarlmotors.com

cl9319x.xyz

med49app.net

Targets

- Target
  
  madzig1.3.bin
- Size
  
  904KB
- MD5
  
  7272ea4c00d27f61d0fdb06766ec349e
- SHA1
  
  81e72cd1bc4f5213cc41f5c78b184d47f2d36dd0
- SHA256
  
  bfe6a417287d1f3c25bb93b8841620c3a7274c715f749c425d146b67496299f1
- SHA512
  
  3898d9fb2417f484803fd9ef0f105f35e7c986219d635ba7cff78aecfc3617d041eb669f8297942f60248302f49cc12fbcb724484c2ea216a2ad89c49a2af64c
- SSDEEP
  
  24576:mbpDQ4Y0F4Ji4U4+4484olVxA9VJ30eoPF+Fb3bDorUsXQAKZNA46jgPdD:cvFzQ/g9uodD
Score

10^/10

formbook wh23 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  uvrnbijywa.au3
- Size
  
  4KB
- MD5
  
  2b951a4d0cd35c8bd945ba81138604fe
- SHA1
  
  f8400a801766f7bc9d41917703027e1628890446
- SHA256
  
  e1ed35d54e9a1bd2766ab47b66148af3037fcba26604a5c764a842015cee0638
- SHA512
  
  782ae563c588181143a75ef4df136604c68949e4e675d73ae36caf095664a6f5df9a7ec6d0ac4cfdce0fec927351d76c9653080a4672b0c1d7e1ffd005f66587
- SSDEEP
  
  96:h/UUis6Fssiusw/slUUis6FssA6u/slUUA/UPyUue4uJy2/6Q4uds6y2wru4U/sd:h/UUis6Fssiusw/slUUis6FssA6u/sl2
Score

1^/10
behavioral3 behavioral4
- Target
  
  xtzzxbx.exe
- Size
  
  925KB
- MD5
  
  0adb9b817f1df7807576c2d7068dd931
- SHA1
  
  4a1b94a9a5113106f40cd8ea724703734d15f118
- SHA256
  
  98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b
- SHA512
  
  883aa88f2dba4214bb534fbdaf69712127357a3d0f5666667525db3c1fa351598f067068dfc9e7c7a45fed4248d7dca729ba4f75764341e47048429f9ca8846a
- SSDEEP
  
  24576:fYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaCB+l:f37+KSbq5e1diEnHaCK
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6