formbook

General

Target

JaffaCakes118_c88f73c018114de3d922be96e50d9b4b2cd96bf9a8bbedc96eea6a858c4ea342
Size

435KB
Sample

241229-gm8ryavkbx
MD5

9e522860cc3ced5ee2128b85232b3067
SHA1

f9ea0e36874a14d9b535fc7d0209c3aa935062af
SHA256

c88f73c018114de3d922be96e50d9b4b2cd96bf9a8bbedc96eea6a858c4ea342
SHA512

249fffd6b684594da21f5b6f28a95d005d625ef7f00040857ed45ef453324db2fee2841c9319def934e686585cc0b925da5a709ca7375b485998c022b34c13e0
SSDEEP

12288:0COjCZsqAmd+VFP9icQ2zj7GTJ9ioO4yo6ZUsh:LO+Zsjmd+VFPwczeTJ7O62h

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g09e

Decoy

flyinglarkgp.com

spiritsyncing.net

sushikreci.com

drssdup.com

mobileappsus.com

lvrcprbrisbane.com

nfjnwa.icu

ottenbruch.immo

strinosoft.com

portershoecollection.com

electriccarsus.com

lecai.icu

piplespnd.quest

talkrecords.com

lowcodeconnection.com

lastwagenfahrerjobshierorg.com

kpallman.com

dcrdr.com

chainalysisinfo.com

einayaa.com

Targets

- Target
  
  Profoma Invoice _568432.bin
- Size
  
  527KB
- MD5
  
  054e0e3655b99a7bdf021829434d5ef0
- SHA1
  
  7b263ee8c787e893c776df4a97c3c1076e4d25cd
- SHA256
  
  27b5c6cd7f2f32176249bd457017b2fc1f021d49cd4b2699c49bf2f2519b60f9
- SHA512
  
  ed43f425c0d650869eb85c341584d60c2d479265bec770b370056a6ad3bc0828506d17706d248156e2ddc647431f899d49581f74cb267928fdc7c590c1b3cbde
- SSDEEP
  
  12288:rJSjhrSXUqnZ1olPw5YIMa1TrYRWjgnETy2ZRfW:tFX3foVw5XPnidETba
Score

10^/10

formbook g09e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  svttgvela.exe
- Size
  
  118KB
- MD5
  
  c627aca7ccf84f92622c5f83da4190ba
- SHA1
  
  83d7c0310e6e6c97cbdfea8fc0cbd2fee697fb5e
- SHA256
  
  4c166ca71399d8dd2cc895d0892dbf28ea2b5d883b6e310be7db76cf2d16066b
- SHA512
  
  465504c77cad06a7047e25aef1b5e351aff88bfea46cb848dc391e782d8c7f535be9379475645264574fe34f302a4d08ac92c801a568b54dd92cc63158cbb3bc
- SSDEEP
  
  1536:jWRagKDGAKkjVY14KFBER1+qmyzyDTV1X7ICf/pVBMkTSEEzcgutwaqec8ksWjcy:Sa3JqHFiR0yzs5xd3pMkTKcgudLc
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4