formbook

General

Target

JaffaCakes118_50532a2edc28f74e97ee013bfa042e435c742b8d84937344346b980ede458674
Size

569KB
Sample

241229-hpbewswkfj
MD5

dfda6d02765198a5d8351957e0145264
SHA1

40be4a3eb3f6c95fa8db472ee9fffa44e4d8cd00
SHA256

50532a2edc28f74e97ee013bfa042e435c742b8d84937344346b980ede458674
SHA512

a6fa11011d18df47708044e63fcb4cab3bd721aecd60ee40b05fb57979af8f718cfb41ca6a279ea8d48ae4c342b03a17517de167850bd172da028c9aa62d7a83
SSDEEP

12288:03tMw+KhuFB2kr6R3H/+AXKRosk9IhlL8/4B95/:037+l2ki//2Tk98L8/g5/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

os56

Decoy

australianhotwaterupgrades.com

vipidplus.online

kneescooterscanada.com

pesanterkini.com

madden24gameplay.com

linkbong88moinhat.net

awongtest41saletest.com

thetravellingcatcompany.com

vazxlip.xyz

bangdemcheeks.com

passengerassistance.website

cloud4global.com

prestopizzarennes.com

midlandchambertravel.com

nashwan-d.com

bellescraftkitchen.com

teamtisdale.com

allascooussaa.us

cryptobet365.xyz

cbij.education

Targets

- Target
  
  690b0c5b2093f6bb09ab2756070951230809f4c33c2d4e5c9e17cf485bc91cfd
- Size
  
  924KB
- MD5
  
  eb8618087e373bdbea9867ee7e68a338
- SHA1
  
  76a89dfa066e5de6da37be81aa25b316ccb29a48
- SHA256
  
  690b0c5b2093f6bb09ab2756070951230809f4c33c2d4e5c9e17cf485bc91cfd
- SHA512
  
  778dc244289aaf3c52c3a122ad0cc810dc37ee63f7cb85bbe4ddfa54104e9b960b5cdcdbbf54210838ea24377d062ff4c8b4b8a6d9ecb77487b796aab83e2f72
- SSDEEP
  
  12288:GhlwVl5uhW1B2kB6R3HNYAlKRAsm9IhNL8/4pDe3:G0VPv2kQNZ8rm9WL8/h3
Score

10^/10

formbook os56 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2