formbook

General

Target

JaffaCakes118_6f9657a69e2efd42ae0357b15bd8b4ed82abea6c080d27a2e4104db1abbcc61c
Size

431KB
Sample

241229-efcpta1rbv
MD5

3dbfebdf1a9bb3dd6034e8d2781e0a0e
SHA1

e99211a5f1646b22458e23dc991043077a281f39
SHA256

6f9657a69e2efd42ae0357b15bd8b4ed82abea6c080d27a2e4104db1abbcc61c
SHA512

05fb783db4d2cc64c29be7729d356c0ddfb4341f859ac5be0269043b0831e2974008fd1bc52d4764619c28c3d08d225d13b47e62e1dd885c6c87fb2035014417
SSDEEP

12288:/2Bzc0szifJfm9N7ew4vMHhOsqb3O3W505Ct:n+fJ8JkuhOr7OmRt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

numg

Decoy

besthandgel.com

infoseru.xyz

c2batlrjd09euxppve04393.com

staminagrow.com

scorpionhyatt.com

blacsmitz.com

verifymia.com

dicklaurent.art

shopnaturesthrone.com

carlym.com

matticlay.com

journeywithjustus.com

teslaenergy.website

dreamholiday.info

minlicy.com

gazeonline.club

51hhav.com

pellicule.net

eje-visual.com

seniorlivingsearchusanet.com

Targets

- Target
  
  89b0625b0fcefeedb72f401a1ae9fba4f0b11f1f78c4b64b468a4e14177da79e
- Size
  
  528KB
- MD5
  
  6bec4e43cd24912599c6df132d6b5a76
- SHA1
  
  aaf1865d3c767a5146056846ad63b3bc45ac49ec
- SHA256
  
  89b0625b0fcefeedb72f401a1ae9fba4f0b11f1f78c4b64b468a4e14177da79e
- SHA512
  
  6b732d50595cf21be3d1c42a32b70be93219c668cae4f0881d55a7b76e47ec7481baffd652b41dd8c153c90479086df5c53557f154c93d9d213c9e2e9cf68a24
- SSDEEP
  
  12288:VrcqJFTPHlAUinP+OT8Xh1UHi652t3OgMT3FHC:Vrcq7m0OT8P8At+gaQ
Score

10^/10

formbook numg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2