formbook

General

Target

JaffaCakes118_1e684cd8e57a1e1185115068a8c9924d94db3a644219f6a4b95f4ae3036542b0
Size

1006KB
Sample

241229-lddbwsykdp
MD5

f4e7fbe4c9841ae440727a3a4647750e
SHA1

d9cedec54bcbde83df3f68b1eba806f26d7595a6
SHA256

1e684cd8e57a1e1185115068a8c9924d94db3a644219f6a4b95f4ae3036542b0
SHA512

5c62246721eb328adeb2ed7c003ec908c4e569bdef2668e22b879e643f9e50d0213d361d1735354518432fb0bb5ffaae5657c04b6cab5979eb518ba7a33c1af0
SSDEEP

24576:7X7YUGFktDIO43/O2QpEjauI+Uu1BninPF:7X7YHkOX/O2ljZIW9wd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Targets

- Target
  
  d29cda1e066eb7acae10ddc9c916d3b019aa55710197c58cf967d89db4d275b8
- Size
  
  1.0MB
- MD5
  
  a5bfded33b102cad8a69dbe56f3beb1f
- SHA1
  
  17ff6f9cd309ae33eb6e38cec0b86cdf37245e6a
- SHA256
  
  d29cda1e066eb7acae10ddc9c916d3b019aa55710197c58cf967d89db4d275b8
- SHA512
  
  47734a212c4c1aee436b0300e351560b6f01ba2426d06800056e16dcec81d2a46be38e2299c3d778cc7bc3399051645ccbbea42599efffea7376f7ae055a8b65
- SSDEEP
  
  24576:1ctcno/vKeX2U5x2wweb8MONmRHNHF8d4joTT+M694rjtpv6D:iS8HXZx2wwetNgNT+M6o3vW
Score

10^/10

formbook sn31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2