formbook

General

Target

JaffaCakes118_059cff953747f4cfbc8f65c391ee12188d21ae5bffecff8a846418a13365d271
Size

826KB
Sample

241229-m794dszncr
MD5

1fa3bdfe48500c9de174789c1a06e768
SHA1

e3f8d505f9a241de50bd3275072415d989172b7a
SHA256

059cff953747f4cfbc8f65c391ee12188d21ae5bffecff8a846418a13365d271
SHA512

05889446e9cb0a9f7e1b3c71073814341c21a4925d7d0348d52f542d56c8e873fc34c8a3867d302750ae4a030e08ad5e5c2e0c6c65dbb15876f9aba0d0eba92d
SSDEEP

24576:4mQGR+UjUCHC6x4u71/3Oc8jcQrn725XenFNk:4CrUG5d/3zfQrnPFC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4ei

Decoy

8clintonstreet.com

sherylhotpepperblends.com

eucham.asia

earnestqueen.com

vstexchange.com

theoutofbounds.com

allincursive.com

getgenevieved.com

commonlawpeoplesassembly.net

brideclubstorerastreamento.com

cngelectricaldesign.com

mizmaleather.com

nicolabenge.com

babyboxbuy.com

xaydungquan9.com

hclifechurch.com

cwyxonlp.icu

inocentkidd.com

worldhw.com

soul.exchange

Targets

- Target
  
  HNGC 04 ORDER DOCKET & BLUEPRINT.exe
- Size
  
  1010KB
- MD5
  
  7da2caa62ac9ebc22d4c4652c1c64a40
- SHA1
  
  b872068a8c0836088f4b480b547cd3976f2e2ff6
- SHA256
  
  ce52755476e6ccbe1ac1c8d850eacdc8d3ce3ccfc71e932df8709c4abe1f8899
- SHA512
  
  bd1f94dd259771a5df2b076e64f975f661b2c6ef4c148bfb8900750cbf1e4abb5ac083da80f88714a24cb9436b240d07c227ce11051c00e7904a6c342545e9cd
- SSDEEP
  
  24576:Ok5akazqoRlErfFVqNoRRRRRjXtAmA0ZSE:Ok5aka5ShVqNoRRRRRjdAmA0
Score

10^/10

formbook r4ei discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2