formbook

General

Target

JaffaCakes118_6ae8071cc6e2878cecd868d14a012b5a85dc37305f0e476d07fa809b699c1ee2
Size

343KB
Sample

241229-hkbj4awjgq
MD5

56a2a73203adacc812617960c40e9ca4
SHA1

52d7be19845469dc6f406473426cff05a01c82c2
SHA256

6ae8071cc6e2878cecd868d14a012b5a85dc37305f0e476d07fa809b699c1ee2
SHA512

c6a1ce0a840d9e5f678b43378ec7811a75005ca314058ea024d919aeb2f9111852423c5c772950e25dc2535fd513556c2f615e20bb83a9d658c9a15272dee99c
SSDEEP

6144:yMD6X6gWbfSlHuHVPzybQ6CXlSmMlbN1E8lG6frVBIaJdWo7Pag:ZOXTufOq5zsQ6OEHlbvTGCIaJdlag

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bg6

Decoy

uvs57.info

perfectpointapparel.com

sportsthrem.com

debowerdesigns.com

wzjs99.com

chothuexenangxecauninhbinh.com

blackkeymanagement.com

verdesonline.com

hezehzxx0530.com

alientechcenterlondon.com

body-suit.com

pcfip.com

perocreations.com

mingary.life

goldengoddessglamour.com

reparmaxpro.com

xn--fiqv1al2p20d348d.com

yourhomehealthcarellc.net

weddingproper.com

felicityhorseclub.com

Targets

- Target
  
  soa.bin
- Size
  
  451KB
- MD5
  
  db7035b451f169a670b56a3a023b18e8
- SHA1
  
  d586fb0dbdfb1a37cf8097c3f11f4db745e9faa9
- SHA256
  
  aeccef59002b851b685cf54307f906c06adb065b68c3eff112f4b0f1442d1349
- SHA512
  
  fc6f4c6321747aa92301f8ac3d01cae40ad5d51df1cf294e179bd866537de0f5cef7f1b17616efbc2194679b7d7eff8b807d9d1ef9dc12331c497cbb4f89d707
- SSDEEP
  
  6144:rr5h1r6lmPMk8X25ahxL4XUhaGFo69nwTge6qG5yjNeQFgv8dKgvW:rrH1GIUk83xLfHSTg5qGIjNeDCKg
Score

10^/10

formbook bg6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2