formbook

General

Target

JaffaCakes118_83b3bd2c3ba61322996e80163634149c6a8ea7f17cbe4e3acbf1e441be3ad6f0
Size

440KB
Sample

241229-flhnpatjg1
MD5

e3686344395b3429782f44133897ffc7
SHA1

81bcd7923e438f18e722e5b8b64dfdb2fe0ec7a8
SHA256

83b3bd2c3ba61322996e80163634149c6a8ea7f17cbe4e3acbf1e441be3ad6f0
SHA512

5eb9784b49945c325b94f7815f769dbedcd7c57cb068becb461bc1649c6f8b72807bea189ae976a0cd2d9bfe9b0571144d0e54e11cf13e8fefc44e724029bab4
SSDEEP

12288:QlvevGPABO/S1pdoXtqN2Hghcp0Xy68RHnn/bDFjqggY:o+GPAmSiw2WcpYyv/bxGq

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

3iw

Decoy

cepbank-direkt.com

lieoga.com

officialbetterbeardclub.com

media0702.com

safariflorist.com

vipinternationalinc.com

bitechanalytics.com

employeewage.com

truckingtag.com

priyaladiestailor.com

highlanderpiping.com

enargiapetroleum.com

vermilionranch.com

focusopgeld.com

kalem-euy.net

disypen.com

fairpayva.com

davidguner.com

idreferensi.com

dytt889.com

Targets

- Target
  
  cb1b1d99cbf6d7bb1a30ec1c7ee31c36b8e19230751046688ad1a14b2fec4758.exe
- Size
  
  686KB
- MD5
  
  9cabc06c47b82704fd1b7f2bc179a3a8
- SHA1
  
  83fe695a745fe1a0f81cf1ec71cde74a9d4b424d
- SHA256
  
  cb1b1d99cbf6d7bb1a30ec1c7ee31c36b8e19230751046688ad1a14b2fec4758
- SHA512
  
  f45e4bf071298f3ad5e007db4c5ed9ffd723c50f34efa771d37a1b484bcc09fbe77a20c59dc72a40a0c96837afc12c67258ace11e04e1d397dca64fdf821d043
- SSDEEP
  
  12288:dl0++rKR6dSkULoqZ/b+sVUaGMUgdiSMa4Nk:dl0RrW6qtbuc4Nk
Score

10^/10

formbook 3iw discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2