formbook

General

Target

JaffaCakes118_69b39bf3fe7a0c5eaf1b6819e77ce1d526910658d0d2bafcc3191bd329f293d7
Size

1.0MB
Sample

241229-cr2rzazjhj
MD5

a8268425364266fe5a356e7f088bd95d
SHA1

dd19923a0ef2946e60e94169552fab80bb3f7a05
SHA256

69b39bf3fe7a0c5eaf1b6819e77ce1d526910658d0d2bafcc3191bd329f293d7
SHA512

4715b8507ecf0af1600e684cd7a88a44345bceb1725da99fd24e202eb5d806cfa6861abe2b58160652cd395da70c46d04c313c27ae43702a53ba08d7776ac5ed
SSDEEP

24576:2RWifexqopqdYI/bUPQfBuJkUA8DiVjb5m4uK7dNUdKvB:2RWi2xJpqy0wPQfBuJknkiVnDvGa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr06

Decoy

dreamrose.shop

bamdadlive.com

avastfr.com

aishabolduc.design

nobulldownhill.com

navis.store

paintingsantaclarita.com

wdidfhqo9751ds.link

epilateurlaser.info

expertdoctor.xyz

jtfaqyxo.work

zrexvita.live

coloradomarketingfirm.com

prestigehospitality.solutions

bmayple.com

sea-food.online

mejor-proteccion-es.click

tophatlimitless.buzz

inailshickorycreek.com

tintash-sg.net

Targets

- Target
  
  proforma-3289.exe
- Size
  
  1.1MB
- MD5
  
  ac2c24eeb56a0fc9e89d995c4b0d5c0f
- SHA1
  
  cb42fd2596ed3ef2f681de0919fb61293e785974
- SHA256
  
  985737716694171ca5cd45760d29ab6aebe57efcd2349bc5085ff13cdd365efd
- SHA512
  
  ff3a83e78a3677ca67ae22667c341add857f117c40509dbaa7eac2a1d85649b1eaf6317a440fbab7e86e1eff4e53d27a3564081ff320f6bafc24cdc58dcaa9a4
- SSDEEP
  
  24576:0AOcZ2i7g/0jTS8U1L3j5HUSIOg0+MkYG9:i7S9m/5HPnk
Score

10^/10

formbook mr06 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2