formbook

General

Target

JaffaCakes118_c1858ad1833c246ff8bf6cf2c60bace1f63dca90674b2a3006deaea9013c4079
Size

392KB
Sample

241229-hp988awkgr
MD5

4188f1553af2ff0d98926845c6d38fce
SHA1

29c48ec6eca6b2234248d85e9f4191fd39102511
SHA256

c1858ad1833c246ff8bf6cf2c60bace1f63dca90674b2a3006deaea9013c4079
SHA512

171bd20bb8e88cad1e8eebf70b7a0786858ab2471d6abdea6fd6d7fc44327b44af9016a9d332c5761979cd954b3eefcbb5e43524c8a7b6eec1a493c9c4781f12
SSDEEP

6144:nkm7KCZzaHux4YE3h/5i/83uWRTUQHEjVt8d7md4Mff6nd0bCzVcBtG5:nL7XZsupEDqspUHV3eM6dbAs5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s2l6

Decoy

avispk.store

thomasfreitag.net

audazzo.com

wheelblastspareparts.com

babeson.top

bvvseafood-shop.com

fibertech.xyz

tapscrawlspacecleanup.com

jujiashu.com

lavech.com

kusdportal.com

luissonautodetailing.com

lomboktourist.com

mazaltovgift.com

u3vs.digital

metanovi.win

dakontoys.com

estavrse.com

partnerwithsentri.com

nissanquantum.com

Targets

- Target
  
  PO.exe
- Size
  
  465KB
- MD5
  
  4de9bfdd90db75c0b1ad968af9c094b2
- SHA1
  
  6c674e0cdc8735a3cf9bb6530c1ea08c4da13744
- SHA256
  
  45cb18a4c71c0330d1d8d493e0e32f7c55e6125d7219b0dedee54ccfe0aa85c9
- SHA512
  
  93a850a9881aedacfa2fafa35e7f316bcb260f424f4a566e35fdca773f10be1e3f02297c79f2ac882a027489b04f5c952e3c15a0151ece0f9be4ecf2c3318f59
- SSDEEP
  
  12288:ottbLWQOiDKDfdhBQwEgL8EObvrdz0YOsWN6Ax3ThZB:+bCiDuFhBQwtL8truYONN1B
Score

10^/10

formbook s2l6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2