formbook

General

Target

JaffaCakes118_188fc0e1a5a4e4106a03a3967d52f22caedfc1354a42eb235ed6d9bb24abef8e
Size

604KB
Sample

241229-cyj6hazlgn
MD5

234b944dc2fcdb185f56091f9bb8d2be
SHA1

7186254d4dd25b073d8ed36c44741737ba966c03
SHA256

188fc0e1a5a4e4106a03a3967d52f22caedfc1354a42eb235ed6d9bb24abef8e
SHA512

d999444e3c6badc35652a652a3308a1f1632f3cc4cfa0b1f9f56ba343775a50299329706a6a8cff290f06db373a569b506e3dff7b5680aa0253d99dbb9716c16
SSDEEP

12288:GGsCGQuarOLPBfQqJrx5EJLoi4YJoyE8DtvSBs5uMgJObwdcYrVIJ:GP7agBfQqPaLUY1Ekt6BSBZs+YRIJ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bmmo

Decoy

nosethecat.com

sanfranciscoclothes.com

laonzeprime.com

ecscart.com

pruearomablends.com

birdhousecustoms.com

giftforchange.com

madribr.com

thepickupmerchant.xyz

lidajian.com

gsxsell.com

cancerandwt1.com

paradisereport.com

wpsexcel.com

baranbey.com

kp3d.net

healous.com

eagerlygrowing.com

faultydev.com

virtualcarenearme.com

Targets

- Target
  
  Payment update.bin
- Size
  
  741KB
- MD5
  
  bf34896fa20667412fdfc4f2da5b2b2d
- SHA1
  
  7af4a5bbb6e45110543cff78a221075cea4de721
- SHA256
  
  5810c640bb4219ca39bc8a0c8b50f8447e5e47784e75dfdacdce65d5d2c31e47
- SHA512
  
  adb61d4380e54e03d3aa80ec099fb4a5ba7e78e0246adf1e548f83e8e7adff03067508b637798c8d076960059444adbc981f02ae2ec6e47838be43f83e4c028e
- SSDEEP
  
  12288:mz2WFHmst7SPQnpAVH2rXOqoZ/wNQm0G+oB7hXC/2aEMnJWYTl:glHT7SPQuFT/80GVBlX/MnJWYT
Score

10^/10

formbook bmmo discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2