formbook

General

Target

JaffaCakes118_527d523ec8da849e44e381f4cd8feaa74af309972ef59d505193cf56f8223fb1
Size

1.1MB
Sample

241229-mvh45szlax
MD5

fb009fdbd8542d823c4cc9fb02ecc6dc
SHA1

76837f628081a7e7f620de9d44c92ead052efe46
SHA256

527d523ec8da849e44e381f4cd8feaa74af309972ef59d505193cf56f8223fb1
SHA512

637e8a164ca98b0d5187030ce6eebdd2297efbe8ac4dcf2aaa27f003fae23778c8f3547b4bea4504ec7660de00cbe818f96bcddc56dd7c281af1b9bf97707e4c
SSDEEP

24576:QxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussxvfCBBVa:5vfovu8yBthQoJFdj

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

xoqd

Decoy

H5Xrxamh0f+N/tax

kD7yxmoTHSewkFqlnqV14wuw

RLsWzULVoCMc+A==

SOzPYHAMr8HKhU4b3XZSPb+gnUc=

Li195vujSFxYOpMGx2n2

kH4rLttwbW703GwH2z4=

uWRYsosnwsGcigoCt4ePgDDQZzr3d9ST

OrIL0WgG9VNBHvP2lkE1vnt0oE0=

NG2ALNd/l8Mw4WwH2z4=

VgnfELdrcdvMsD0uz3t3gBWUyas7gw==

DxNwymeJ/lPRqndL+WzAVUy4

mYxRaXV1X6WuqB4Op2d5MgrgIg==

8Um50qpVPodey2OVew==

irKA6NyNP0oxy2OVew==

KVo8zsszovt9JkmEbxfAVUy4

ZrSnCLtRSTV9Ujx9LigBEFq+

ty/Fn16LA2isSw5fYg==

MLFtv3Tmp+zu0Rr3nEhJLnt0oE0=

qTDnPBatWH9CF5jPvmhnVr+gnUc=

SXhRqlXv6M8V8d0hJ/93b/g=

Targets

- Target
  
  JaffaCakes118_527d523ec8da849e44e381f4cd8feaa74af309972ef59d505193cf56f8223fb1
- Size
  
  1.1MB
- MD5
  
  fb009fdbd8542d823c4cc9fb02ecc6dc
- SHA1
  
  76837f628081a7e7f620de9d44c92ead052efe46
- SHA256
  
  527d523ec8da849e44e381f4cd8feaa74af309972ef59d505193cf56f8223fb1
- SHA512
  
  637e8a164ca98b0d5187030ce6eebdd2297efbe8ac4dcf2aaa27f003fae23778c8f3547b4bea4504ec7660de00cbe818f96bcddc56dd7c281af1b9bf97707e4c
- SSDEEP
  
  24576:QxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussxvfCBBVa:5vfovu8yBthQoJFdj
Score

10^/10

formbook xoqd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2