formbook

General

Target

JaffaCakes118_f4fa7d88a2473c12fdb3d13833346d3fcd831a558619b24072518bdf4f2a3761
Size

361KB
Sample

241229-nrzs6a1jcy
MD5

71e638c83d24d846f012447114fdc36e
SHA1

94270f82ee80842df474fff85d3926d681f3893e
SHA256

f4fa7d88a2473c12fdb3d13833346d3fcd831a558619b24072518bdf4f2a3761
SHA512

e08b8f864d7e37be3389d879aea69c9ca9356df04cc8963ed75b77e832e396cbe868545b2f8b2ee0ba8d2050f2d2718b8398b54f9abd7701d853ae0bd2eb0a4e
SSDEEP

6144:JJJK+f5piqqnpQmc+7EN3CEgkVWUSzhuXvgXl7uw0UIhTXQ4lzc4zw7oOTz:JJs+hpXqaT+o1jVWUSdufoUwsxA4lzHw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fzd

Decoy

vn-mua-hang-onlike.site

creationsbylisaq.com

clouduwo.com

archlvedata.com

casanoriamaderas.com

plouceur.com

thrivewarrioracademy.com

saraviafirma.com

letstalktech.tech

rhetfox.com

clmssouth.com

thecatstits.net

mepain.space

thepapaya.xyz

gaplek.net

llcom.net

estrategassocial.com

sliming.life

progressofindia.com

fakedoctorsrealfriendsmerch.com

Targets

- Target
  
  741815376052dfd9c8dda9031633196530d185b85f9820e1d4a2f0ffaa149b67
- Size
  
  451KB
- MD5
  
  daee820ef921e5598c815d66fa140046
- SHA1
  
  f9af4821c764e6d682e362b209ad15974eae1a84
- SHA256
  
  741815376052dfd9c8dda9031633196530d185b85f9820e1d4a2f0ffaa149b67
- SHA512
  
  092f2f1504d93c05dfb8adcd5471d5cf30fe1b466da140230a8a9ba1ea69e3be51359c35acfb2ec9a3682d853a4013c465f0ae71687645039553a8fd5b9ca163
- SSDEEP
  
  6144:3aV2T2YxNvJX/wFbJgCsuEsssQI+bELiQ4eyxgRN9MwMCaToCq5EvxKoLAN:3aV2pNvJX/wFbJEW+vzx+FYoCq5NW0
Score

10^/10

formbook fzd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2