formbook

General

Target

JaffaCakes118_84f011cc959c2bd6696a7580345503c2ed7b463e77c92715ff6ad30b8356bf8a
Size

463KB
Sample

241229-n4q2sa1lfr
MD5

89500d41e33879946dea05d7f0dbf755
SHA1

38f4ece40c7735c6e802c16250d6553f0f1bfaed
SHA256

84f011cc959c2bd6696a7580345503c2ed7b463e77c92715ff6ad30b8356bf8a
SHA512

361dc2d6f9175502737d44008b84dfe54147db8ee2ca193cc08c954d492977ea3b99dfe8e374d530e2d954f42c04e7cc84a3c2d813cb02053251745192582f5e
SSDEEP

12288:Dmqf1kfHfrWsuM+aWSWTp9M/5P2tZBQ4AOC:S81kjuaykP2zBSOC

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dyh6

Decoy

ximmgepn.xyz

bonitacandle.com

thesneakerhubofficial.com

miabags.online

maboxhistoire.com

viral22.com

gracebruno.xyz

safetycare.xyz

aerith.store

mountaingirlbbq.com

bhbuildertest-ecom.space

klhcn.com

guizhouhl.top

noreply-engagementboost.com

derdmlaucaty.store

viffetrade.com

iesyttsn.xyz

msumon.com

autoforos.com

carlosmorgan.com

Targets

- Target
  
  13ced2b4b6730fe68f7b4a964432782059d599f2_1639777158226.bin
- Size
  
  475KB
- MD5
  
  21778f5420d97a2e83e9f2b01228d28d
- SHA1
  
  13ced2b4b6730fe68f7b4a964432782059d599f2
- SHA256
  
  11f3014768f9b6fe474d0459e890668db9cdce835883960a39a7f9908c9c0cd2
- SHA512
  
  5d148141edb7eeb46330293ac93a08bd7b75aa7f5e1eed36187c1d7a7daf9b9477dc969ee7985fbadb109e8d0f7829852bf8df08987085f340798aa2b249d08b
- SSDEEP
  
  12288:aDLEtJIQtTqURgdiCcaEWOC8KQIgZF7V73F9SpesOfG3:aP0TLW8C8PF7VqZ+K
Score

10^/10

formbook dyh6 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/bdmaxvzwbi.dll
- Size
  
  347KB
- MD5
  
  8248d987789bdf8c1f4e217c7a249aba
- SHA1
  
  fa6d573591a26ae899acfcb27baefcc7ac962814
- SHA256
  
  35429e6b9821eca230d21238e80cdb419e211cad5031072da96a2f6a4a2b1386
- SHA512
  
  9f849a77879e48bc5e70174965435c5542b75c9dfeab05c1f38d6475b15ee17e31ebebf29be3b2ef41e65d27789e2d564392011dca21647d1fcf390974057072
- SSDEEP
  
  6144:7ccvGFCKyQTScHSi92wUbC0AoCuzEjyLLgoBC/igCgxa:7zveyQTScy/zXro+4oY/ig5xa
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4