formbook

General

Target

JaffaCakes118_5c000a089179ae3d41f932bf258c7f70b0e49d1f7e9d4ccf2201b7d89e6cf748
Size

587KB
Sample

241229-jdmt8awpcp
MD5

8d905f5d8c59e73769c94bed8449ad9b
SHA1

3342fac38d46fc0db734de1cde82fa4674af8301
SHA256

5c000a089179ae3d41f932bf258c7f70b0e49d1f7e9d4ccf2201b7d89e6cf748
SHA512

f559ed3730f93105304763fc72bfed977714fe3c38fcb6f981057e000ff0ca957cfc425d8d00d2e614d871caca3be28d9050e2af857a9e4d1a6f402681f8db65
SSDEEP

12288:JdtwO6LDQdIYVALyclcA1fZlKGpCYYozM2UTn1ILZwbIAU/fnym:Jd36LDQdIYVc7Z8M/YzD1It42nym

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xpg

Decoy

nebuless.net

handsomelildevil.com

cancinauto.com

cassiemariesolutions.com

barbarabubble.com

activ8.xyz

findousd.com

cacingcau.com

dengfeng.chat

nsctherapy.com

bluedemonstudio.net

cftx168.com

migosbiz.com

utcannabis.tech

progressivewellnessrx.com

euralix.com

texasbestchambers.com

sensotop.com

dondosha.club

nfxaccountmanager.com

Targets

- Target
  
  020be63fb89a86567bdc2fc58848e98b94a3f0ff9ba305a1bdfd7e21ae80d793
- Size
  
  724KB
- MD5
  
  ab5eed71310107061cac2b4f3234ead5
- SHA1
  
  83296a79376280e38d0677928eddca6d015a3e49
- SHA256
  
  020be63fb89a86567bdc2fc58848e98b94a3f0ff9ba305a1bdfd7e21ae80d793
- SHA512
  
  d549afa983e2640803814e34b13711f7a16a64d10a61620c2edc12c937bc13a0e9fe4f50135d9696984035547fbd9aaf5ff0e2020e8b135695e3b0c63f712d1e
- SSDEEP
  
  12288:EQNABBz7krBNkt6QS9UwPlOu8NDupn9kDJCbXXojdRGyvI1EgdkjezUh6ji8z:N0ktNbJlv/puJCb
Score

10^/10

formbook xpg discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2