formbook

General

Target

JaffaCakes118_dc4fa64bbbcd740a67ddc7d45d640d63773bad24e4da393345920a71881208ba
Size

699KB
Sample

241229-g7rn6avphm
MD5

97678c9615226973013ad06c03590835
SHA1

4df0f887d273847f71d4f71d3d94d0bd2752ea59
SHA256

dc4fa64bbbcd740a67ddc7d45d640d63773bad24e4da393345920a71881208ba
SHA512

e481da254c8e708781dec8ba247a115932ed8f8acc5efc845314afd0ff76d47344fda24db4972e7e7cc50461cf623acebb057214ac394ee2b9e73296b33ab634
SSDEEP

12288:g+ebhG/du2+ELDDsAVDjI9lzSOLlvRprJssS5tR7F4LiHR:gecgmRpds95tR7GiHR

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wps3

Decoy

jtekcreations.com

funstuffrus.com

golomt.design

alargebeer.com

gravitybox.info

kiwifruitcar.com

ee34ngty.xyz

sejawco.com

edgeomni.com

ackdistro.com

quangtv.one

m3rrqandonic.com

9512355.com

0ufkf7knwp.xyz

dada8881069.com

androidchitchat.com

freight-indigo.com

poppersvancouver.com

wu7d27eag2dn.xyz

bluemabell.com

Targets

- Target
  
  afvwHSigHFXCUeB.exe
- Size
  
  790KB
- MD5
  
  c3fa5d83eb19b8a6ada7964677ea7b10
- SHA1
  
  34b56181e7ee8ed8d74dfe4395519c5eb28f210c
- SHA256
  
  b7ac8ccaeb9ae9b7311d3432a0ec471ff103bc32b52b3ab29b649bccf67a875e
- SHA512
  
  f047817fb405639fca96ade95d197005fa9d307a01f4941898791dc507bd9afbb7ec307b99cdb260cfafb496e696226c2d05712638e0474c2440ece6c6fc0458
- SSDEEP
  
  12288:5Ui1TAQk1Y95TthyAk237yMW92GtqsnvEHPVKPOldVFO4SA:ai1kI5TDpT3864vEvVKPO3
Score

10^/10

formbook wps3 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2