formbook

General

Target

JaffaCakes118_801ced2d6661e6ad1fe63da93f7a3700c36bd70b47cae2bfaf3c7b67c33513ec
Size

677KB
Sample

241229-kb854sxmcs
MD5

3a76951b1101d262bb1be490038ca759
SHA1

85a698fb1486c3a01ec6ad160b184ff067da518c
SHA256

801ced2d6661e6ad1fe63da93f7a3700c36bd70b47cae2bfaf3c7b67c33513ec
SHA512

82c298ed1b0935e5eccfda94616326c1ac63ec023c29a4c0f2b592ed5ac50d35ebe600efb04b4ad431dd9acfc9fa403222c50bc58831566c806d62273b2e17d8
SSDEEP

12288:pfst8S8m1y4573hDsFjx505kek0Vqffv51mwlbmPJqB0bni2:p0t2m973FsFT05kcU2wlbVqni2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wk31

Decoy

soroban.xyz

irfirstaid.com

irsaycollection.com

thebardownstairsasheville.com

facebookmeta.business

paypalsupportclient.com

metaversusfacebook.com

litakparuikamazon.com

rivianmotorcompany.com

metaversepro.us

ikramfamilypractice.com

bitcoinfuturesetfs.online

5donline.com

rosemount.us

nicole-steinfort.com

performanceautorepairsj.com

scrabblecheats.us

kjg67amazon.com

formerlyknownasfacebook.com

youtubeandgooglepay.online

Targets

- Target
  
  Estimates (Korea Zinc Co., Ltd. Onsan Refinery) 275-016.exe
- Size
  
  841KB
- MD5
  
  42d33f1103e99970b5a2bd66cc7abacf
- SHA1
  
  18b40de46605a148bd005f07f1396ea4be30f962
- SHA256
  
  898019809aff31148304abc19ab0514838d5ed4ae75318fe8865b4e5b139d52f
- SHA512
  
  471ef7e285ae5bb0db67e6722dde3877180d980f1cef271bf81e8c1f8c3fbd26ffa435eb04b0ef14ae6898ac26ed8b235eb9b203947aa4020955e5989e22fbbc
- SSDEEP
  
  12288:Duup9hCcfZ/2Yp45XWCPrpLlafo3arpcYVx1Izq+lG/hS2zG9+aw9cNq0p2W:qrk/2Yp4JWKmhpcewu+lghjZqN
Score

10^/10

formbook wk31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2