formbook

General

Target

JaffaCakes118_81fa9837f35a889c5ad494e1b91ddb3b8d05ec4e9ae93eba19ebf21e125f0797
Size

277KB
Sample

241229-kjf5asxnbr
MD5

90c1a359711b15e1dc46460523651b25
SHA1

27f2c35a24b6e60a514357f765130fddffb29212
SHA256

81fa9837f35a889c5ad494e1b91ddb3b8d05ec4e9ae93eba19ebf21e125f0797
SHA512

eba218542022e2bd40e3dd26e35ff0f7c5654a027b78841a5a011c5a3b3d3a4064c6b218ebd658ed1dfa8ac198bbac2d3b69b243df540b4604a9c2bc5535d4d3
SSDEEP

6144:9EYYU8UDdg7MGCVEW5KoLHAS51AakSKh/vEQmcZhTLr:h7VuMGMEAHAS5KUKh0Lm3

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g09e

Decoy

flyinglarkgp.com

spiritsyncing.net

sushikreci.com

drssdup.com

mobileappsus.com

lvrcprbrisbane.com

nfjnwa.icu

ottenbruch.immo

strinosoft.com

portershoecollection.com

electriccarsus.com

lecai.icu

piplespnd.quest

talkrecords.com

lowcodeconnection.com

lastwagenfahrerjobshierorg.com

kpallman.com

dcrdr.com

chainalysisinfo.com

einayaa.com

Targets

- Target
  
  Invoice and Quotation.bin
- Size
  
  289KB
- MD5
  
  2e07da5fa7627362c6666c94210a40fe
- SHA1
  
  8fe040d7df872ae78e702f11827bd236a6201981
- SHA256
  
  c58e97524572e398ed81f73169c0fad3cbfd691761b997cf09be2a69ef5a6be0
- SHA512
  
  23af93e3f00ca661a33e03d1063b3c1fe9b974c62ef136233092153b7b9839e8a807bcdb24c3b079c0d28aa1909e0e543dbf102a569dfa846ceb1e9db095fe5a
- SSDEEP
  
  6144:owdWxpYqbDdleIkpq7pvzkh3p1YCuzcAGz7FGpxvFu20RCp93Nn0:YxpYqbDdleMdzktTYCuAAAilNphu
Score

10^/10

formbook g09e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  qxbcmmh.exe
- Size
  
  117KB
- MD5
  
  65facecea332bbb51b802e66b329eb18
- SHA1
  
  019140dda8ec2d92fe2597c8949208a7ebe95c6e
- SHA256
  
  c6935a83136101694625c5904af17387b6cf2a2a0b91ae394615e4d1fa61bb28
- SHA512
  
  d9d241441345f5c2e0bbd9e41489d9907d5c722f030249fa0f8285c13c5b3c872a8805a8b673060cba16f72a4ad8feba3a1ffd93524930193fe08bbe443a3842
- SSDEEP
  
  1536:KQraTSjiYFwlvwVC1TsJ66zafChiC7f3OAcysEzdwcOGr2c8oA5YfnsWjcdCon:/jFwlvweI8kaZwmAcuYXmfIXn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4