formbook

General

Target

JaffaCakes118_0f9aa51dd209c16c1dade86a46fa461d8a045c2350d406700864271dab631b98
Size

298KB
Sample

241229-ks7cvaxpgl
MD5

769f6f915d2a71bb00f041e6f90d27bb
SHA1

670f2d76b6caa080d0f102d0e85672a696f0d5fd
SHA256

0f9aa51dd209c16c1dade86a46fa461d8a045c2350d406700864271dab631b98
SHA512

b5d118f460ff1cf4e8791e9afaca843305f559b2eaa0a70927a66cf86e79151138bf308701a61c716045bec8c8095c34412f69f1f2a9928acdb6d72586a333ac
SSDEEP

6144:1Q4zwnsys/8uRpMrR0A/BdA8Wirfsy0EZFIQ3e6Fh88LpJPbjBZDc+l4ks0+:1gs/FnMN0cBdYyvi583PbjBZD5l4lH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndc

Decoy

ezy-kitchen.com

steedx.com

angelicacapital.com

mazinglife.com

courtmillbuilders.com

pakoussaapparel.com

thegirlamongthegirlnow.com

melaninandmarscosmetics.com

skylarfeeneyphotography.com

auto-servis.site

casnza.com

good-un.com

wonderfulwanfield.com

cumulustalent.net

cannapecbd.com

westernsocietyspot.club

021jdwx.com

parcelretail.com

lazakanya.com

muslimmediation.com

Targets

- Target
  
  sample.exe
- Size
  
  459KB
- MD5
  
  06a466881eb25fe18248221687af6ab3
- SHA1
  
  17a3c06f08dc5610134292134baa2c4b122e3b98
- SHA256
  
  f8e9e0ca14f6c6759716590b8880593dc9069d7666adc8ebbbb216e7175a1999
- SHA512
  
  96b34326e9a8a72ace6c3b584408949f8424caf8d7bcb313a234c1452ee17c814db4277187abd1b15033064d73991bbd6db531b2ba8b0ef8f2d586398fbfbd95
- SSDEEP
  
  6144:o9X0GbyZbMNeq+B8r2tOVdNOQ+ZyTZt3EMNe0835iP9cMf9A+jbudLGmvtpGsEYl:e00iaeq+8mMteFpiP9jpELGmvtYnYXOs
Score

10^/10

formbook ndc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/j6m19kru6wpzksw.dll
- Size
  
  6KB
- MD5
  
  fb719cbb8e619a0a53503d32410c099a
- SHA1
  
  2d6a082ec6171fa00509758b25299278d1944657
- SHA256
  
  1f1a183a52a36d09ce8611504ee629c7c2ef93ad1b09d32fbf2500441b41d0e6
- SHA512
  
  68f7d338e41ffade872c8175c0dc62dd296dccd32f9d6308bb0a407c60032877bbd5bff4af7dacbcb3fa023f285ce55935defae750ff7e2108f6ff6f5ab22077
- SSDEEP
  
  96:vGWc7CvrKoslKrKosdGCA+odjIMVWH7A3Fx:vGpNosZosjABd1WH
Score

10^/10

formbook ndc discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4