formbook

General

Target

JaffaCakes118_80994375defa41f943fe763574195102ef9f8fcfe7bdec62101d91579bdea4fb
Size

1.2MB
Sample

241229-j1xb6sxkbw
MD5

626fd8a04592d25ac33c92b421295463
SHA1

5d26fa89b14f0e728323bd6da10d02db1a0a508e
SHA256

80994375defa41f943fe763574195102ef9f8fcfe7bdec62101d91579bdea4fb
SHA512

d6b85f5842a1f08081658ee911d2d418797c5607349efee0adff67bc660cdff52920f117ebe657d1b0508b7b9ebf512d215d81c92f814ab6aadaca852999ef6d
SSDEEP

12288:piyFBJ8RGZBrSsJCsFAcAkgY5GFgsVRNhMBBRKvq/plSxqjJ5nFIY4EzYu+638AB:pRBJuViaDjKKvq/ljriE

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ibu9

Decoy

SlqQHYJCCye2PJOvckRFvoXpBrU=

0wiJKqZW5oq1pcnjGw==

OmSkPH0j8yC8NImNakSkFpQ=

fZLpx1E7I2Isc9QdOE7C

DfU04zHJrNrn+nmRA/tRfhIx

+WDsfJUZATOtta/7URVnaXyFuA==

8kK5Tpew+Y7pPnQ=

1fILe6dHLlx3CQpmJs1REJI=

aUSET96zZtnrcg==

cXN3B3pbZJvDDVitAg==

NXb3yR2ZRK+PG/YVqS+Gyg==

ER5iM7+khcU9h3nJqME=

8RBM2A6JYpF1QXnJqME=

9DyUCi6+l79HU0hgblDaEtmIlK9EJKGZQA==

iNApwSbnlMdyvwpktViQ3Q==

IXwGzToRCTekvmqN

iTo3KN3ueun+eA==

5g6DJJh8d57EDVitAg==

BO4S7jTUx/EVVBqq6pHW

+xdlAlY/Gjlg4r3FHy+58djwSgyIITQ1

Targets

- Target
  
  JaffaCakes118_80994375defa41f943fe763574195102ef9f8fcfe7bdec62101d91579bdea4fb
- Size
  
  1.2MB
- MD5
  
  626fd8a04592d25ac33c92b421295463
- SHA1
  
  5d26fa89b14f0e728323bd6da10d02db1a0a508e
- SHA256
  
  80994375defa41f943fe763574195102ef9f8fcfe7bdec62101d91579bdea4fb
- SHA512
  
  d6b85f5842a1f08081658ee911d2d418797c5607349efee0adff67bc660cdff52920f117ebe657d1b0508b7b9ebf512d215d81c92f814ab6aadaca852999ef6d
- SSDEEP
  
  12288:piyFBJ8RGZBrSsJCsFAcAkgY5GFgsVRNhMBBRKvq/plSxqjJ5nFIY4EzYu+638AB:pRBJuViaDjKKvq/ljriE
Score

10^/10

formbook ibu9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2