formbook

General

Target

JaffaCakes118_0bd6d95e80ee61cc9a7127dfbf5c88bd73ba74b225f3a931b49c26c014f6efe7
Size

240KB
Sample

241229-d5jnzs1nft
MD5

6d649e75c876163d2be43b67fd05be4e
SHA1

f9e916066d05e85fd8263fe60ded931c889fc686
SHA256

0bd6d95e80ee61cc9a7127dfbf5c88bd73ba74b225f3a931b49c26c014f6efe7
SHA512

2e57195952eea2b19b3d56d1d0273765812890107140835385ef5e98a20d2d9bd204962a20c57708c805cb176ad44bb26c6474c5f1f4c80d05d326d6e191c737
SSDEEP

6144:dj8cQKGewDo9UMa/Yz2z4tKla2Pc8HmMQocaMMSbJKYsvVT9lxbeW:dj8cFccxaQrmk0QoTGbGTLJeW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mn21

Decoy

h3k38c.icu

qbfstopp.com

butalip.xyz

hanghang.club

relativemotionsuspension.com

bjddjyfdc.com

patrichard.com

filyacat.com

mothertukker.co.uk

riescodesign.com

afierypulse.com

supplypartners.biz

ekkogroupmoment.com

ivnocup.com

lycyjzx.com

elbuensamaritanoinc.com

forzel.com

mykedairuncit.com

usuariosconsultasnet.store

idaparry.cfd

Targets

- Target
  
  invoice.exe
- Size
  
  255KB
- MD5
  
  370325f2e5f6a85aaf28087cb739e313
- SHA1
  
  617235f277614da1325dff53930e51bc45ac11df
- SHA256
  
  8692e6fd0eda4246c038c8671a633ee05b8a76b46bd024511c66020ba69e3f4f
- SHA512
  
  88cc1bc807eaefa33b803bc14ecf85078b1242596e504fa39be60fdcd65b94006beeb77fb7d0595e019f6a2253310d51fee9b8c27a45f12a7b880a0dba05c128
- SSDEEP
  
  6144:mbE/HUbWkN7a34BeKtzRVzSnGHWu7xS51LI8Ywh:mb/j7a34oK5rzMuxVSh
Score

10^/10

formbook mn21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  bjzfttovhy.exe
- Size
  
  59KB
- MD5
  
  8aaf366f0347501bad46a2593664c9fa
- SHA1
  
  8f80b099bc2eeee883fe6f3afb0b295cc9c10ec6
- SHA256
  
  266853551f6890103f71206b085307f1174b185f55b6b87aa3a3d3f189a1463f
- SHA512
  
  d0f4744479cff0f8f25fa312d502629041599aa97801a4ba1085e1cd4b12329d47f91fcfaa638c04274377534114934c2b94e07188355464498b08ed7f94a6a0
- SSDEEP
  
  1536:SvtLu0ZssXg2J2m3K5n2ETMCZQsuyXn5QnQCO:SCsPEvMCi32nCnQCO
Score

10^/10

formbook mn21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4