formbook

General

Target

JaffaCakes118_91a4767026536af44716798ffc7149f1754c44f84c67bc6a237e03e4a0398d5b
Size

1.1MB
Sample

241229-m8r9zazngw
MD5

c5ef57f9e112e4e9254a307cafc5b71c
SHA1

a5d53c9bec3e8e05fac84cea2248af8049301b26
SHA256

91a4767026536af44716798ffc7149f1754c44f84c67bc6a237e03e4a0398d5b
SHA512

e5d8ecd2c6e3ba600c253c7d6ca01ebcef50398eedb2e6008146adee950735b40fad3e8a48103f75c0a585af904ada889538a7f32d9277f4a2ef6df07bda7a43
SSDEEP

24576:DR11JiH/b4N3E9ZtE8E+FakGh62EmEEPwd/2R/ujlAMzPpR:DRTJY/S0O83rijE7AmlVzPz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e2e

Decoy

crowncenturies.com

lillylashescanada.com

1066701.com

wodeshuji.com

switchradiousa.com

bkaz-kids.com

hotelkewal.com

jerryswan.com

pattizanin.com

xn--jdl-w48dtzq73l8sh.com

ringabhorrent.life

home-orchestre.com

rotgussplus.com

masterorion.com

g0758.com

conradgpr.com

bolgeservis1.com

thebiologicdentist.com

plantsonly-kitchen.com

cloudshareboard.com

Targets

- Target
  
  order pdf.exe
- Size
  
  1.5MB
- MD5
  
  dc425cdd4be9e881dc82e3d75c2f7771
- SHA1
  
  c1d47f92be936cbefb52899091ca2273869101bb
- SHA256
  
  c04e2a4dfc825504cc3b9b8917cc76d60c7d5a9a7a52eb8a191372a727eb5a23
- SHA512
  
  19a79889310e1d8ac40cea9dba528656e3e2ddb4d2298fd4ade3dc7df088b32624a6ccb57657b74c4f06eecbd35cf74c9e3110dfdda036ddaf57ff096c51bd97
- SSDEEP
  
  24576:yAHnh+eWsN3skA4RV1Hom2KXMmHakWQmuuvmkvpPyfwfqpUxXrSP5:1h+ZkldoPK8YalQmhvhlyfwypUFr2
Score

10^/10

discovery formbook e2e rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2