formbook

General

Target

JaffaCakes118_a460d48bea53eb33be6834abf29cd60144066fbf473e78f4f4e6e99e6acf9469
Size

670KB
Sample

241229-mkdfxazjcm
MD5

3f21902043fd36e3fd964603a3f83d9c
SHA1

729457cf940300a6f8ae02b57c983a22e4f4c6de
SHA256

a460d48bea53eb33be6834abf29cd60144066fbf473e78f4f4e6e99e6acf9469
SHA512

139e2a56b011d27504d4413845d2820944b7e092e06bd38971e4981a5978255f2ced6149ad4ba408d5790823292e671c4e116f2485e4aca69a9e87ffed1d62ba
SSDEEP

12288:kKM3cZQS80S6eZQkacPonhVMfXuLmADxnOSLrmgVXlZo+9+i2nww8pxiP:krc3S6GRacPoha2LOS5lZoA/w8aP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s0s2

Decoy

stripe-forecast.com

perfectingnextstage.com

primarole.com

nonnydesigns.com

wordsofweightandlevity.com

mafleursam.com

hardwarepicker.tech

minex-intl.com

thenextbigtech.net

rabeproject.com

sticktogracestudio.com

releve.space

readoku.net

carings.net

nasdaq-ex.store

au-techng.com

thethoughtgenius.com

how-to-learn-languages.net

kitabisabelanja.com

awndka.xyz

Targets

- Target
  
  6fe1fe1a97833a5377fcaf8ac6c0baebaf6d5509f5f7122efc2325546488d05c
- Size
  
  774KB
- MD5
  
  6721b437108e8794658374c8e7f34367
- SHA1
  
  759e55fa486249ade94d245c5b833c425c4ed1bb
- SHA256
  
  6fe1fe1a97833a5377fcaf8ac6c0baebaf6d5509f5f7122efc2325546488d05c
- SHA512
  
  e34f07f125e88f034359e8d807a1330725da08dfc6023df204ee24dad48202dcc0b16aeb5d058b1e1b74fa37de59ac88705de0c96c92e93e814f5dce31f64239
- SSDEEP
  
  12288:qjmk9e7a1dI7YC+WkYT1Fm1x/Uik6EMXpHC7OvC7MwroP4etoK6zDLf68Q:nREQkGKHXpi7OvCQwroPSK6Pu8Q
Score

10^/10

formbook s0s2 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2